Course description


Fundamentals of Cloud Computing 
Duration: 1 day 


Purpose 


This one-day, instructor-led course is designed to teach students the 
basic concepts and terminology of cloud computing. 


After establishing the definition of cloud computing, this course 
describes the various service delivery models of a cloud computing 
architecture, and the ways in which clouds can be deployed as public, 
private, hybrid, and community clouds. Students also learn about the 
security challenges that cloud deployments experience, and how 
these are addressed. The course also describes IBM cloud computing 
architecture and offerings, the IBM WebSphere CloudBurst appliance, 
and the IBM WebSphere Hypervisor edition software product. 


A number of self-running and hands-on demonstrations in simulation 
mode enable students to experience how to sign onto and use 
cloud-based instances. The hands-on demonstrations include 
applying for a contract to use the IBM Smart Business Development 
and Test Cloud. Students sign onto the IBM Smart Business 
Development and Test Cloud, create an instance of the cloud, and 
connect to it. Other self-running demonstrations focus on getting 
started with cloud computing using the IBM WebSphere CloudBurst 
appliance. In the final exercise, students complete a crossword puzzle 
on what they have learned. 


Audience 


This introductory course is designed for software architects and 
developers of cloud systems, as well as application and enterprise 
software engineers. It is also appropriate for business professionals 
who would like to gain a comprehensive understanding of cloud 
computing. 


Prerequisites 


Before taking this course, students should be familiar with enterprise 
application architecture, distributed computing paradigms, and 
browser-based access. 
Objectives


After completing this course, you should be able to:
• Define cloud computing
• Identify the key characteristics of cloud computing
• List the benefits of using clouds
• Describe some of the challenges to adopting a cloud architecture
• Describe key cloud computing concepts and terminology
• Describe the service delivery models in cloud computing:
  - Identify the software as a service (SaaS) delivery model
  - Identify the platform as a service (PaaS) delivery model
  - Identify the infrastructure as a service (IaaS) delivery model
• List the various cloud deployment scenarios:
  - Describe the features of private, public, hybrid, and community clouds
  - List some additional cloud deployment types
  - Select the most appropriate deployment model based on a set
    of business and technical requirements
• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing
• Identify security options available in cloud computing
• Identify the top security threats to cloud computing
• Describe the architecture of IBM cloud computing and IBM cloud
  computing offerings:
  - Position the various vendors in the service delivery model of
    cloud computing
  - Illustrate an IBM example cloud architectural configuration
  - Describe some of the IBM cloud offerings
• Describe the capabilities of WebSphere CloudBurst and
  WebSphere Hypervisor Edition


Curriculum relationship
• N/A
Agenda


Day 1 


Course introduction 

Unit 1. Overview of cloud computing 

Unit 2. Cloud computing concepts 

Unit 3. Cloud service delivery models 

Unit 4. Cloud deployment scenarios 

Demonstration 1. Requesting contract forms for the IBM Smart 
Business Development and Test Cloud 

Demonstration 2. Reviewing a contract for the IBM Smart Business 
Development and Test Cloud 

Unit 5. Security in cloud computing 

Unit 6. IBM cloud computing architecture and offerings 
Demonstration 3. Instance creation on the IBM Smart Business 
Development and Test Cloud 

Demonstration 4. Connecting to an instance on the IBM Smart 
Business Development and Test Cloud 

Demonstration 5. Getting a fixed IP address, storage, and keys on the 
IBM Smart Business Development and Test Cloud 

Unit 7. IBM WebSphere CloudBurst and IBM WebSphere Hypervisor 
edition 

Demonstration 6. Showing WebSphere CloudBurst 

Unit 8. Course summary 

Final exercise: Cloud computing crossword 
Unit 1. Overview of cloud computing


What this unit is about 


This unit provides you with an introduction to cloud computing. 


What you should be able to do 


After completing this unit, you should be able to: 


Define cloud computing 


Describe the key characteristics of cloud computing 


Describe the benefits of using clouds 


Describe some driving factors towards using cloud computing 


Describe some of the concerns related to cloud computing 


Compare grid computing with cloud computing 


Provide authentic examples of cloud computing 


How you will check your progress 


• Checkpoint


References 


http://csrc.nist.gov/groups/SNS/cloud-computing/
Unit objectives


After completing this unit, you should be able to:

• Define cloud computing
• Describe the key characteristics of cloud computing
• Describe the benefits of using clouds
• Describe some driving factors towards using cloud computing
• Describe some of the concerns related to cloud computing
• Compare grid computing with cloud computing
• Provide authentic examples of cloud computing

Figure 1-1. Unit objectives WS009 / VS0091.0
What is a cloud?


[Diagram: The Cloud, with regions labeled Hosting, Web hosting, Infrastructure utility, Web applications, SaaS, PaaS, and IaaS]


Figure 1-2. What is a cloud?


Notes: 


The term cloud is used as a metaphor for the Internet, based on how the Internet is 
depicted in computer network diagrams and is an abstraction for the complex infrastructure 
it conceals. 


• Hosting refers to fixed, dedicated resources.
• Web hosting refers to hosted and dedicated web applications and web content.
• SaaS is shared applications accessed as a service (more on this in a later unit).
• PaaS is a platform provided as a service (more on this in a later unit).
• IaaS is infrastructure provided as a service (also covered in a later unit).
• Infrastructure utility is industrialized computing resources (or those resources that have
  been commoditized).
• Web applications are provider dedicated web applications and web content.
Definition of cloud


• cloud (noun)
  — A network that delivers requested virtual resources as a service


© Copyright IBM Corporation 2010


Figure 1-3. Definition of cloud


Notes: 
This slide simply gives the definition of cloud as it relates to cloud computing: 


cloud (noun): a network that delivers requested virtual resources as a service. 
Definition of cloud computing


• Cloud computing is a model for enabling convenient, on-demand
  network access to a shared pool of configurable computing resources
  that can be rapidly provisioned and released with minimal management
  effort or service provider interaction
  — From the National Institute of Standards and Technology definition of cloud
    computing V15 at http://csrc.nist.gov/groups/SNS/cloud-computing/


Figure 1-4. Definition of cloud computing


Notes: 


The definition of cloud computing is taken from the National Institute of Standards and 
Technology definition of cloud computing V15, dated 10-7-2009. 


Cloud computing is a model for enabling convenient, on-demand network access to a 
shared pool of configurable computing resources (for example, networks, servers, storage, 
applications, and services) that can be rapidly provisioned and released with minimal 
management effort or service provider interaction. 


Irving Wladawsky-Berger, consultant and emeritus Vice President IBM technology, 
provides this definition: 


“I view cloud computing as a broad array of web-based services aimed at allowing users to
obtain a wide range of functional capabilities on a ‘pay-as-you-go’ basis that previously 
required tremendous hardware and software investments and professional skills to acquire. 
Cloud computing is the realization of the earlier ideals of utility computing without the 
technical complexities or complicated deployment worries.” 
Key characteristics of cloud computing (1 of 2)


• On-demand self-service
  — Focuses on delivering IT services driven by user requests
  — No human interaction with the cloud provider
  — Cloud computing provides a means of delivering computing services that makes
    the underlying technology, beyond the user device, almost invisible

• Ubiquitous network access
  — Focuses on delivering IT services anytime, anywhere, and through user-chosen
    devices
  — Users accessing services via Internet technologies expect a secure, “always-on”
    computing infrastructure that delivers as easily and reliably as electricity from a
    wall outlet


Figure 1-5. Key characteristics of cloud computing (1 of 2)


Notes: 


On-demand self-service focuses on delivering IT services driven by user requests. 


Users accessing services via Internet technologies expect a secure, “always-on”
computing infrastructure that delivers as easily and reliably as electricity from a wall outlet,
requiring a fundamental change in how services are delivered.
Key characteristics of cloud computing (2 of 2)


• Pool of virtualized resources
  — Focuses on delivering IT services through resource pools that can expand and
    contract based on the requirements of the underlying workload and the usage
    characteristics

• Utility-based pricing
  — Focuses on delivering IT services that can be metered for usage and charged for
    (if needed) through pricing models including subscription, usage pricing
  — Service level agreements (SLAs)


Figure 1-6. Key characteristics of cloud computing (2 of 2)


Notes: 


Another key characteristic is elasticity of resources. IT services are delivered through 
resource pools that can expand and contract based on the requirements of the underlying 
workload and the usage characteristics. 


Flexible pricing models allow for subscription and usage-based pricing. Using the cloud, 
you can rent the hardware and software you need rather than purchasing them outright. 


The quality of service when using clouds is negotiated and measured against service level 
agreements, or SLAs. 
Why use clouds?


• Better capital utilization
  — Pay-as-you-go
  — The unit cost of on-demand capacity may be higher than the unit cost per time
    unit of fixed capacity; offset by no charge when capacity is not being used
• Accelerate software development, deployment, and testing
  — Fast provisioning of resources
• Elasticity of resources
  — Scalable and flexible use of resources
• Access to complex infrastructure and resources without internal
  resources
• Support for geographically distributed users
• New business opportunities


Figure 1-7. Why use clouds?


Notes: 


Here you see some of the reasons why you may consider migrating to a cloud computing 
model. 


• Better capital utilization:
  In the traditional model you provision for peak loads, or the maximum utilization. With
  cloud computing you are charged on a usage basis.

  Note: The unit cost of on-demand capacity may be higher than the unit cost per time
  unit of fixed capacity. This is offset by not having to pay for the resource when not in
  use.

  If:
  - Unit cost per time unit of fixed capacity = C
  - Utility premium (multiplier for utility) = U
  Then:
  - Unit cost of on-demand capacity = U * C

• Accelerate software development, deployment, and testing:
  Faster provisioning of resources is a key benefit in using clouds. Instead of taking
  weeks to set up the environment, it can be provisioned in minutes.

• Elasticity of resources:
  With cloud computing you have access to a pool of virtualized resources that can
  expand and contract on demand.

• Access to complex infrastructure and resources without internal resources:
  Provisioning of infrastructure and application services can be outsourced to cloud
  providers.

• Support for geographically distributed users:
  Access to resources in the cloud is based on standard Internet transports and
  protocols.

• New business opportunities:
  There are new business opportunities for providers to host cloud services and vendor
  applications.
How clouds are changing industry


An enabler of business transformation 


Creating new business models 


Enabling innovation 


Reengineering of business processes 


Support for new levels of collaboration 
Figure 1-8. How clouds are changing industry


Notes: 


Clouds are enablers for business transformation by changing industries in the following 
ways: 


• Creating new business models:
  The use of clouds changes how resources are procured, sourced, and delivered.
  Hardware and software can be rented on a pay-per-use basis.

• Enabling innovation:
  Cloud computing uses the power of the Internet and grid computing to move towards a
  virtual enterprise that is not limited by hardware constraints.

• Reengineering of business processes:
  Applications need to be built to be machine independent, container-managed, with
  small memory footprints.

• Support for new levels of collaboration:
  Collaboration using the cloud is not restricted to a single geographical location.
How clouds are changing IT


An evolution of information technology 


Changing the economics of IT 


Automating service delivery 


Exploiting standardization 


Rapidly deploying new capabilities 
Figure 1-9. How clouds are changing IT


Notes: 
Clouds are enablers for IT transformation by changing IT in the following ways: 


• Changing the economics of IT:
  Cloud computing is driving operational efficiencies in IT through better use of resources.

• Automating service delivery:
  The term self service means that developers and testers can directly procure the
  resources they need to complete their tasks without going through lengthy procurement
  chains. This results in a significantly shortened procurement period, and it means that
  developers and testers can quickly get to the task at hand.

• Exploiting standardization:
  Access to clouds is through standard Internet transports and protocols, providing
  access to a range of user devices.

• Rapidly deploying new capabilities:
  Test and operation teams may have different conventions and configurations from
  development teams, and this can lead to unintended application behavior and delays in
  service delivery. Cloud computing offers a potential solution to this problem by offering
  prebuilt solution stacks. These solution stacks are ready-to-deploy configurations, which
  include the application and entire environment, including the operating system. The
  stack can be captured as an image (for example, OVF image or Amazon Machine
  Image). The image can be transferred between each team along the delivery cycle.
  Administrators can see the exact environment in which the application was designed
  and unit tested, and they can balance needed changes to that environment against a
  known, working solution.
Driving factors towards cloud computing (1 of 2)


• Poorly utilized resources driving up hardware and labor costs
  — Setting up a new environment is expensive; there is an incentive to hold on to
    it “just in case”
  — Each new project requisitions new hardware instead of recycling unused
    hardware; this takes time and money
• Takes too long to create middleware infrastructures
  — Average lead time to get a new application environment is 4–6 weeks
  — Approvals, procurement, shipment, hardware installation, license procurement,
    OS installation, configuration, application installation
• Creating middleware infrastructures is a manual process and error
  prone
  — Minor differences in configurations can introduce errors or bugs that are difficult
    to detect
  — Often only emerge when moving from test to production


Figure 1-10. Driving factors towards cloud computing (1 of 2)


Notes: 
These are some of the factors driving the adoption of cloud computing: 
• Poorly utilized resources driving up hardware and labor costs
  Setting up a new environment is expensive; there is an incentive to hold on to it “just
  in case.”
  Each new project requisitions new hardware instead of recycling unused hardware; this
  takes time and money.

• Takes too long to create middleware infrastructures
  The average lead time to get a new application environment is 4–6 weeks.
  Approvals, procurement, shipment, hardware installation, license procurement, OS
  installation, configuration, and application installation need to be considered.

• Creating middleware infrastructures is a manual process and error-prone
  Minor differences in configurations can introduce errors or bugs that are difficult to
  detect. These often only emerge when moving from test to production.
Driving factors towards cloud computing (2 of 2)


• Each application must be sized to support peak load
  — Idle resources during non-peak times
• Inability to use idle resources to handle extra load
  — Quality of service may suffer during periods of exceptional load


[Diagram labels: Supply chain, Inventory]


Figure 1-11. Driving factors towards cloud computing (2 of 2)


Notes: 


In this example, the supply chain, inventory, and retail applications have been sized to 
support their respective peak loads. This leads to under-utilized hardware and software 
during off-peak periods. 


In addition, quality of service may be degraded during periods of
exceptional load.


It would be better to have a pool of shared resources that can be managed as a single 
logical entity that can be provisioned and deprovisioned on demand. 
Concerns related to cloud computing


• Maturity
  — Is the technology ready for production-level deployment?
• Standards
  — Still being developed
• Security concerns
  — Multiple customers sharing the same resources
• Interoperability
  — Many different vendor APIs
• Control of data
  — Organizational level of comfort with data being outside traditional IT


Figure 1-12. Concerns related to cloud computing


Notes: 


The question arises: Is cloud ready for prime-time? Beyond the hype, many vendors are 
investing and competing in this space. Competition among vendors drives innovation in 
cloud computing. 


Open Cloud Manifesto (http://www.opencloudmanifesto.org) is a statement of the
principles for maintaining the openness of cloud computing. It has over 250 organizations 
signed on as supporters. 


The security concerns of customers sharing the same resources can be mitigated through 
techniques such as encryption. Only making public-domain data available in public clouds 
is another way of tackling this issue. 


Interoperability is the ability to write code that is supported across a number of cloud 
providers, as well as the ability to move to a different cloud provider. 


In the majority of cases, organizations want to be in control of their own data. This 
requirement is addressed through the use of private clouds, which are covered in a later 
unit. 
Other technologies that can be used in cloud computing


• Grid technology
• Service-oriented architectures
• Web 2.0
• Open source software
• Autonomic systems


Figure 1-13. Other technologies that can be used in cloud computing


Notes: 


A number of complementary technologies may be used in delivering cloud-based solutions, 
but are not required in every situation. These include: 


• Grid technology
  There are several situations where grid technology and cloud can be used together.
  Grids provide automatically scalable resources that are made available over a network,
  and from this perspective, there is a convergence with clouds.

• Service-oriented architectures
  SOA is an architecture, not a software product. Cloud computing does not require
  a service-oriented architecture as a prerequisite, and you can make use of cloud
  technology without first adopting an SOA. However, there are some service models of
  clouds that can make use of web services that have been defined in SOA. Notably, this
  is the software as a service model (SaaS) of cloud computing. The various cloud
  service models are covered in a later unit.

• Web 2.0
  Web 2.0 is based on a collection of architectural styles and technologies. Web 2.0
  introduced a more collaborative approach to the use of web resources. It describes an
  architectural style in which service consumers and service providers interact in a
  RESTful way. REST is the abbreviation for Representational State Transfer.

• Open source software
  Open source software is often used in cloud computing to reduce the rental cost of
  cloud resources.

• Autonomic systems
  Autonomic systems are complex computer environments that manage themselves.
Comparing grid with cloud computing


Capability         | Grid                                | Cloud
Architecture       | User-specified                      |
Platform awareness | Client software must be             | Works in a customized environment
                   | grid-enabled                        | provided by the service provider
Scalability        | Nodes                               | Nodes and infrastructure
Standardization    | Interoperability and standards      | Lack of standards for interoperability


Figure 1-14. Comparing grid with cloud computing


Notes: 


The slide provides some of the capability comparisons between grid and cloud computing. 


Grid computing involves applying the resources of many computers in a network, working 
in concert or parallel, to solve a single problem at the same time. Cloud computing provides 
resources for many independent tasks. 
Public


• Amazon Web Services
• Mapquest
• GoGrid
• Rackspace
• Zoho
• VMware
• Salesforce.com
• Google
• Google App Engine
• Windows Azure
• Appexchange
• Facebook


Figure 1-15. Public clouds (commercial)


Notes: 


There are generally two types of clouds: public (commercial) and private clouds. Often 
depicted as being available to users from a third-party provider, public clouds are typically 
made available via the Internet and may be free or inexpensive to use. There are many 
examples of these types of clouds, providing services across open, public networks today. 
One example is Amazon Web Services, where IBM has made available new Amazon 
Machine Images (AMIs) for development and test purposes, enabling software developers 
to build preproduction applications based on IBM software within the Amazon Elastic 
Compute Cloud (EC2) environment. 


In later units the different cloud deployment models (public and private clouds) are covered 
in more detail. 
Unit summary


Having completed this unit, you should be able to:

• Define cloud computing
• Describe the key characteristics of cloud computing
• Describe the benefits of using clouds
• Describe some driving factors towards using cloud computing
• Describe some of the concerns related to cloud computing
• Compare grid computing with cloud computing
• Provide authentic examples of cloud computing

Figure 1-16. Unit summary


Checkpoint

1. True or False: A pay-per-usage solution makes sense if the unit
   cost of cloud services is lower than the equivalent unit cost of
   dedicated owned capacity.


2. Match the following descriptions with the best definition:

   1) Developers and testers can procure resources on demand          | A. Virtualization
   2) Diverse resource pool can be viewed as a single logical entity  | B. Prebuilt solution stack
   3) Provides a consistent deployment configuration                  | C. Self-service


Figure 1-17. Checkpoint


Notes: 


Write your answers here: 
Checkpoint answers


1. True or False: A pay-per-usage solution makes sense if the unit
   cost of cloud services is lower than the equivalent unit cost of
   dedicated owned capacity.

   Correct answer: True


2. Match the following descriptions with the best definition:

   1) Developers and testers can procure resources on demand          | C. Self-service
   2) Diverse resource pool can be viewed as a single logical entity  | A. Virtualization
   3) Provides a consistent deployment configuration                  | B. Prebuilt solution stack
Unit 2. Cloud computing concepts


What this unit is about 


This unit covers cloud computing concepts and terminology. 


What you should be able to do 


After completing this unit, you should be able to: 


Describe how cloud computing leverages the Internet 
Describe elasticity and scalability 

Define virtualization 

List the characteristics of virtualized environments 
Define hypervisors 

Compare virtualized and nonvirtualized systems 
Describe the types of hypervisors 

Explain provisioning and deprovisioning 

Describe multitenancy 


Describe management in cloud computing, including governance, 
tooling, and automation 


How you will check your progress 


Checkpoint 


Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.


Unit objectives 


After completing this unit, you should be able to: 


Describe how cloud computing leverages the Internet 
Describe elasticity and scalability 

Define virtualization 

List the characteristics of virtualized environments 
Define hypervisors 

Compare virtualized and nonvirtualized systems 
Describe the types of hypervisors 

Explain provisioning and deprovisioning 

Describe multitenancy 


Describe management in cloud computing, including governance, 
tooling, and automation 
Figure 2-1. Unit objectives
Topics


• Concepts of cloud computing
• Management, tooling, and automation in cloud computing


Figure 2-2. Topics
2.1. Concepts of cloud computing


Figure 2-3. Concepts of cloud computing
Cloud computing leverages the Internet

• Cloud computing is the next stage of evolution of the Internet.
• Cloud computing is Internet-based computing, whereby shared
  resources, software and information are provided to computers
  (hardware) and other devices on-demand, like the electricity grid.
• Cloud is a new consumption and delivery model
  inspired by consumer Internet services
• Cloud enables:
  - Self-service
  - Sourcing options
  - Economies of scale


[Diagram labels: Computer services; Cloud computing model]


Figure 2-4. Cloud computing leverages the Internet


Notes: 
Simply put, a cloud is an online environment for access to computer resources, such as: 
• Computing power
• Storage
• Management
• Applications


The availability of broadband access to the Internet has opened new opportunities for 
delivering services to consumers or clients via the Internet. Benefits from other areas such 
as service-oriented architectures, virtualization of resources, fine-grained metering, and 
flexible billing, have brought about a new business model of cloud computing. Cloud 
computing is a model for enabling convenient, on-demand network access to a shared IT 
infrastructure. A company may outsource its technologies to independent service providers 
(ISP) who host the services and rent them back to the company on a per-usage basis. 
Positioning cloud to a grid infrastructure


• Grid computing links disparate computers to form one large (virtual)
  infrastructure, leveraging unused resources

• Grid computing is one vehicle that allows the cloud to scale up, or
  down, to meet the demand

• Grid sizes vary, from a “super virtual computer” composed of
  many networked, loosely coupled computers working on a single task, to a
  smaller redundant dual computer system


Figure 2-5. Positioning cloud to a grid infrastructure


Notes: 


For further information refer to the article “Cloud computing versus grid computing” by 
Judith Myerson at: http://www.ibm.com/developerworks/web/library/wa-cloudgrid/
Elasticity and scalability


• Elasticity is the ability to expand or shrink a computing resource in real
  time, based on the user’s computing requirements
  — The ability to scale
  — Sometimes referred to as “right-sizing”
• Cloud service providers provide services based on usage
• This usage must meet service level agreements (SLA) while minimizing
  cost
• Elasticity and scalability are used to achieve this
  — Cloud services scale up to meet demand
  — Cloud services scale down when higher demand is not required
  — Customers only pay for services used
• An example of when elasticity is valuable is during load testing


Figure 2-6. Elasticity and scalability


Notes: 


Customers who retain cloud services from a cloud services provider have processing
demands, which must be met. These demands are identified in service level agreements.
The cloud provider cannot predict when customers will reach peak demand. To meet these
demands, the cloud infrastructure has the ability to scale upward, stretching like a rubber
band. When customers use more resources from the cloud infrastructure, they pay for
them. However, when the peak load is over, the cloud infrastructure shrinks, or scales down,
to the required resources. At this point, the customer pays only the reduced
infrastructure cost. The elastic nature of cloud computing offers customers the resource
power when required, without forcing them to pay for peak performance infrastructure costs
the entire time. Instead, they pay only for the resources they use. Elasticity is a major
benefit of cloud computing.

[Figure: resources scale up on demand and scale down on demand]

Figure 2-7. Elastic use of resources


Notes: 


This slide depicts the elastic use of resources in cloud computing. 

Virtualization

• Virtualization involves a shift in thinking from physical to logical
— Treating IT resources as logical resources rather than separate physical
resources
• With virtualization, you can consolidate the following resources into a
virtual environment:
— Processors
— Storage
— Networks
• With virtualization, one physical resource can be made to look like
multiple virtual resources
— Virtual resources can have functions or features that are not available in their
underlying physical resources.

Figure 2-8. Virtualization


Notes: 


Virtualization improves IT resource utilization by:

• Treating your company’s physical resources as pools from which virtual resources can
be dynamically allocated

Virtualization involves a shift in thinking from physical to logical:

• Treating IT resources as logical resources rather than separate physical resources

With virtualization, you can consolidate the following resources into a virtual environment:

• Processors
• Storage
• Networks

With virtualization, you can make one physical resource look like multiple virtual resources.

• Virtual resources can have functions or features that are not available in their
underlying physical resources.

What can be virtualized?

• Virtualization may refer to:
— Hardware
— Networks
— Storage
— Operating systems
— Applications
— Desktop
— Data
• The main advantage of virtualization in cloud computing is that the
software is decoupled from the hardware
— Decoupling allows hosting an individual application in an environment that is
isolated from the underlying operating system

Figure 2-9. What can be virtualized?


Notes: 


Decoupling changes the software from being dependent on the underlying hardware to 
being independent of the hardware. 

Characteristics of virtualization

• Partitioning
— Run multiple applications and operating systems in a single physical machine
by partitioning the available resources
• Isolation
— Virtual machines are completely isolated from hosts and other virtual
machines
• Encapsulation
— Encapsulate the entire state of a virtual machine in hardware-independent
files

Figure 2-10. Characteristics of virtualization


Notes: 


The characteristics of a virtualized environment can be summed up as being partitioned,
isolated, and encapsulated.

Partitioning

• Run multiple applications and operating systems in a single physical machine by
partitioning the available resources.
• Allocation of resources to virtual machines intelligently based on user needs.
• Support high availability by clustering virtual machines.

Isolation

• Virtual machines are completely isolated from hosts and other virtual machines.
• Crash of a virtual machine does not affect other virtual machines.
• Data is not shared between virtual machines.
• Virtual machines can only communicate through specifically configured network
connections.

Encapsulation

• Encapsulate the entire state of a virtual machine in hardware-independent files.
• These files contain the operating system and application files plus the virtual machine
configuration.

Benefits of virtualization

• Consolidation to reduce hardware cost
— Enables you to have a single server function as multiple virtual servers
• Optimization of workloads
— Can increase the use of existing resources by enabling dynamic sharing of
resource pools
• IT flexibility and responsiveness
— Enables you to have a single, consolidated view of, and easy access to, all
available resources in the network, regardless of location

Figure 2-11. Benefits of virtualization


Notes:

The benefits of virtualization can be summarized as follows:

Consolidation to reduce hardware cost

• Enables you to efficiently access and manage resources to reduce operations and
systems management costs while maintaining needed capacity
• Enables you to have a single server function as multiple virtual servers

Optimization of workloads

• Enables you to respond dynamically to the application needs of its users
• Can increase the use of existing resources by enabling dynamic sharing of resource
pools

IT flexibility and responsiveness

• Enables you to have a single, consolidated view of, and easy access to, all available
resources in the network, regardless of location
• Enables you to reduce the management of your environment by providing emulation for
compatibility, improved interoperability, and transparent change windows

Virtualization in cloud computing

[Figure: two groups of labels. First group: virtualization, energy efficiency, standardization, automation, reduced costs, with the text “...leverages virtualization, standardization and service management to free up operational budget for new investment”. Second group: agility, business and IT alignment, service flexibility, industry standards, optimized business, with the text “...allowing you to optimize new investments for direct business benefits”.]

Figure 2-12. Virtualization in cloud computing

Notes: 


An effective cloud computing deployment is built on a dynamic application infrastructure 
and is highly optimized to achieve more results with fewer resources. 

Hypervisors

• Virtualization software that allows multiple operating systems to run on
the same computer concurrently
• Use a thin layer of code in software or firmware to achieve fine-grained,
dynamic resource sharing
• Provide the greatest level of flexibility in how virtual resources are
defined and managed
• Primary technology of choice for system virtualization
• May mediate access to:
— Memory
— Data storage
— Processing capacity
— Network connections
• An example of a hypervisor is VMware ESX

Figure 2-13. Hypervisors


Notes: 


In the early days of computing, the operating system was called the supervisor. With the 
ability to run operating systems on other operating systems, the term hypervisor resulted. 


Hypervisors are virtualization software that allow multiple operating systems to run on the 
same computer concurrently. 


Hypervisors use a thin layer of code in software or firmware to achieve fine-grained, 
dynamic resource sharing. 


Because hypervisors provide the greatest level of flexibility in how virtual resources are 
defined and managed, they are the primary technology of choice for system virtualization. 


A hypervisor might mediate access to:

• Memory
• Data storage
• Processing capacity
• Network connections

An example of a hypervisor is VMware ESX.

VMware ESX is a “bare-metal” hypervisor architecture, meaning that it installs directly
on top of the physical server and partitions it into multiple virtual machines that can run
simultaneously, sharing the physical resources of the underlying server. Each virtual
machine represents a complete system, with processors, memory, networking, storage and
BIOS, and can run an unmodified operating system and applications.

For more information see:
http://www.vmware.com/products/vsphere/esxi-and-esx/index.html, Sept. 28, 2010

Comparing non-virtualized versus virtualized systems

[Figure: (1) Non-virtualized system: application A and application B each run on their own operating system (operating system A, operating system B) on separate servers (hardware A, hardware B). (2) Virtualized system: application A and application B each run on their own operating system on virtual hardware A and virtual hardware B, both on a single server (hardware C).]

Figure 2-14. Comparing non-virtualized versus virtualized systems


Notes: 
1. Non-virtualized system: 


Because each system has its own separate hardware, the amount of processing power 
that is available to each application is fixed. 


If application A comes under heavy use, it might run slowly, while application B might be 
idle. Thus, the processing capacity on hardware B might be underused. 


2. Virtualized system: 


By running both applications on the same hardware through a hypervisor, you can 
direct resources to the system that needs them. 


With systems A and B virtualized on the same hardware, the hypervisor can provide
more processing capacity and memory to the application that is being used more
heavily.

Type 1 hypervisors

• Type 1 (native or bare metal) hypervisors run directly on the system
hardware

The figure shows one physical system with a type 1 hypervisor
running directly on the system hardware, and three virtual systems
using virtual resources provided by the hypervisor.

Figure 2-15. Type 1 hypervisors


Notes: 

Type 1 (native or bare metal) hypervisors run directly on the system hardware. 

Type 1 hypervisors are typically the preferred approach because they can achieve higher 
virtualization efficiency by dealing directly with the hardware. 

Type 1 hypervisors provide higher performance efficiency, availability, and security than 
type 2 hypervisors. 

Type 2 hypervisors

• Type 2 (or hosted) hypervisors run on a host operating system that
provides virtualization services, such as I/O device support and
memory management

The figure shows one physical system with a type 2 hypervisor running
on a host operating system and three virtual systems using the virtual
resources provided by the hypervisor.

Figure 2-16. Type 2 hypervisors


Notes: 


Type 2 (or hosted) hypervisors run on a host operating system that provides virtualization 
services, such as I/O device support and memory management. 


Type 2 hypervisors are used mainly on client systems where efficiency is less critical. 


Type 2 hypervisors are also used mainly on systems where support for a broad range of I/O 
devices is important and can be provided by the host operating system. 

Provisioning and deprovisioning

• Provisioning provides resource availability to users and software
— A provisioning system controls applications available to users
— And controls server resources available to applications
• Deprovisioning provides resource reduction to users and software,
while deallocating back-end resources
— Hardware
— Software
• Self-service provisioning allows customers to request the amount of
computer services without going through a lengthy process.
— Computing
— Storage
— Software
— Process
— Other resources
• Eliminates many time delays

Figure 2-17. Provisioning and deprovisioning


Notes: 


Mature virtualization technologies enable hosting providers to provision new environments 
for their customers very rapidly, and decommission them immediately when no longer 
required. 

Multitenancy

• Cloud services must enable multitenancy — different companies
sharing the same underlying resources
• Software as a service modes of multitenancy:
— Simple multitenancy — each customer has his own resources, which are
segregated from other customers
— This form of multitenancy is relatively inefficient
— Fine grain multitenancy — all resources are shared, but the customer data and
access capabilities are segregated within the application
— This form of multitenancy is much more efficient, offering superior economies of
scale
• Platform as a service modes of multitenancy:
— This delivery model architecture allows multiple customers to run their copy
separately from other customers through virtualization
— Each customer’s code is isolated from that of other customers
• The key technical challenge of multitenancy is how to support multiple
client organizations from shared instances of the software solution

Figure 2-18. Multitenancy


Notes: 


Multitenancy is the ability to deliver an application to multiple client organizations from a 
single instance of software. When building software as a service applications, or platforms 
as a service, organizations should design applications with multitenancy in mind to 
minimize the per-tenant cost of delivery. Technical challenges associated with building a 
multitenant application include access control, customization (data, user interface, and 
business logic) and isolation of data. 


Note: The software as a service (SaaS) and platform as a service (PaaS) delivery models 
are covered in a later unit. 


Types of tenancy

[Figure: two panels, “Simple multitenancy” and “Fine grained multitenancy”, each showing five clients.]

Figure 2-19. Types of tenancy


Notes: 


Simple multitenancy is also referred to as single-tenancy. Fine grained multitenancy is 
sometimes referred to as multitenancy. 


In the diagram, the simple multitenancy architecture has five customers leveraging a cloud 
which directs each customer to their own database. The fine grained multitenancy has five 
separate customers using a cloud that leverages a single database partitioned into five 
instances. 
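
The two tenancy models in the diagram, and the data isolation and access control challenge named in the multitenancy notes, shown as an added Python example (not part of the IBM course material). The tenant names, table layout and class names are constructed for illustration, and an in-memory SQLite database stands in for the cloud database.

```python
import sqlite3

# Constructed sample data: (tenant, document title). Tenant names are made up.
SAMPLE = [
    ("acme", "ACME Q3 forecast"),
    ("acme", "ACME supplier list"),
    ("globex", "Globex payroll export"),
]


class SimpleTenancy:
    """Simple multitenancy: one database per customer, separated physically."""

    def __init__(self, rows):
        self._dbs = {}
        for tenant, title in rows:
            if tenant not in self._dbs:
                db = sqlite3.connect(":memory:")
                db.execute("CREATE TABLE documents "
                           "(doc_id INTEGER PRIMARY KEY, title TEXT NOT NULL)")
                self._dbs[tenant] = db
            self._dbs[tenant].execute(
                "INSERT INTO documents (title) VALUES (?)", (title,))

    def titles(self, tenant):
        if tenant not in self._dbs:
            raise PermissionError(f"unknown tenant {tenant!r}")
        cur = self._dbs[tenant].execute(
            "SELECT title FROM documents ORDER BY doc_id")
        return [row[0] for row in cur]


class FineGrainedTenancy:
    """Fine grained multitenancy: one shared database, segregated in the application."""

    def __init__(self, rows):
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE documents (doc_id INTEGER PRIMARY KEY, "
            "tenant_id TEXT NOT NULL, title TEXT NOT NULL)")
        self._db.executemany(
            "INSERT INTO documents (tenant_id, title) VALUES (?, ?)", rows)

    def get_unscoped(self, doc_id):
        """Weak form: filters on the client-supplied id only, so any
        customer can read any other customer's row."""
        row = self._db.execute(
            "SELECT title FROM documents WHERE doc_id = ?", (doc_id,)).fetchone()
        return row[0] if row else None

    def session(self, tenant):
        """The caller passes the tenant established at login, not a request field."""
        return TenantSession(self._db, tenant)


class TenantSession:
    """Corrected form: every statement carries the session's tenant_id."""

    def __init__(self, db, tenant):
        self._db = db
        self._tenant = tenant

    def titles(self):
        cur = self._db.execute(
            "SELECT title FROM documents WHERE tenant_id = ? ORDER BY doc_id",
            (self._tenant,))
        return [row[0] for row in cur]

    def get(self, doc_id):
        row = self._db.execute(
            "SELECT title FROM documents WHERE tenant_id = ? AND doc_id = ?",
            (self._tenant, doc_id)).fetchone()
        # Another customer's id is indistinguishable from a missing row.
        return row[0] if row else None

    def rename(self, doc_id, title):
        cur = self._db.execute(
            "UPDATE documents SET title = ? WHERE tenant_id = ? AND doc_id = ?",
            (title, self._tenant, doc_id))
        return cur.rowcount == 1  # False when the row belongs to someone else


if __name__ == "__main__":
    shared = FineGrainedTenancy(SAMPLE)
    acme = shared.session("acme")
    print("unscoped read of doc 3:", shared.get_unscoped(3))
    print("acme session read of doc 3:", acme.get(3))
    print("acme session titles:", acme.titles())
```

In the shared-database model a single statement that omits the tenant predicate exposes every customer's rows, which is why the scoped session is the only path the rest of the application should be given.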

Application programming interfaces (API)

• Cloud services should have standardized application programming
interfaces (API)
• The interface defines how two or more applications and data sources
can communicate with each other
— Multiple applications communicating
— Multiple data sources communicating
• The cloud API allows a customer’s (company’s) infrastructure or
application to plug into the cloud
• Currently, different cloud vendors are developing different APIs
• Cloud APIs have not been standardized yet
— Beware of vendor API lock-in
— API integration may include SOAP and REST APIs

Figure 2-20. Application programming interfaces (API)


Notes: 


APIs are a collection of programming interfaces that provide access from one computer 
system into another computer system’s software. 

Billing and metering of services

• To calculate the customer charge, cloud usage is tracked via metered
services
— The billing service is automated
— Customer should be able to monitor usage
• Billing services normally track:
— Number of users
— Capacity used
— Services leveraged
• Metered services normally provide:
— A dashboard providing insight into application and services running in the cloud
— SLA being met in the cloud

Figure 2-21. Billing and metering of services


Notes: 
Cloud environments have built-in services that bill customers.

To calculate the customer charge, cloud usage is tracked via metered services.

• The billing service is automated.
• Customers should be able to monitor usage.

Billing services normally track:

• Number of users
• Capacity used
• Services leveraged

Metered services normally provide:

• A dashboard providing insight into application and services running in the cloud
• SLA being met in the cloud

Potential problems may arise if service level agreements (SLA) are not clear up front and
cloud providers add too many incidental charges.

Economies of scale

• Economies of scale refers to the cost advantages that an IT
organization obtains due to expansion
— The average cost per unit decreases as the scale of output increases
— Reductions in unit cost as the size of a facility and the usage levels of other
inputs increase
— The more computer resources being used, the cheaper the price per resource
• Cloud computing economies of scale promises to dramatically reduce
the cost of computing over time and inevitably lead to greater adoption
of the technology

Figure 2-22. Economies of scale


Notes: 


Economies of scale refers to the cost advantages that an IT organization obtains due to
expansion.

• The average cost per unit decreases as the scale of output increases.
• Reductions in unit cost as the size of a facility and the usage levels of other inputs
increase.
• The more computer resources being used, the cheaper the price per resource.

Cloud computing economies of scale promises to dramatically reduce the cost of
computing over time and inevitably lead to greater adoption of the technology.

Better communication prices: large data centers are positioned to negotiate better
prices with communication providers, purchasing a great deal of bandwidth without
paying such a high rate per gigabyte for a guaranteed service.

Network virtualization is gained if the network is tailored to support the networking
hardware. For example, Google designs its own switches.

2.2. Management, tooling, and automation in cloud computing

Figure 2-23. Management, tooling, and automation in cloud computing

Management: Governance

• Governance is the process of applying policies relating to using
services
• Governance normally contains the principles and rules in which an
organization should act
— This includes automatic and manual processes, and the procedures for
implementing these processes
• Cloud governance is the shared responsibility between the user of the
cloud services and the cloud provider
— Understanding the boundaries of the user and cloud is critical to ensuring
success

Figure 2-24. Management: Governance


Notes: 
IT governance does the following:

• Ensures that IT assets are implemented and used in accordance with agreed upon
procedures and policies
• Ensures that IT assets are properly maintained and controlled
• Ensures that IT assets are providing the proper value — that is, supporting the
organization’s strategy and business goals

Cloud governance is the shared responsibility between the user of the cloud services and
the cloud provider.

• Understanding the boundaries of the user and cloud is critical to ensuring success.

Governance: Risk list

Considerations when moving into a cloud environment include:

• Audit and compliance risk as to data access control, data jurisdiction,
and maintaining an audit trail
• Billing risks: ensuring the cloud provider has a solid process to ensure
accurate billing
• Contract risks: what if the cloud provider goes out of business?
• Security risks: data confidentiality, data integrity, and privacy
• Information risks: protection of intellectual property
• Interoperability risks: multiple services must interoperate
• Performance and availability risk: are service levels being met and key
performance indicators being maintained?

Figure 2-25. Governance: Risk list

Management: Desktops in the cloud

• In a virtualized desktop (desktop in the cloud), the applications, data,
files, and graphics are separate from the physical desktop and stored in
the data center (the cloud)
• The most widely-used approach is virtual desktop infrastructure (VDI):
— The virtual client is created on the server
— Users have what appears to be a complete client desktop with access to all
applications, data, and files, but they are actually just a virtual session on the
server
— However, the graphics are being sent to the client

Figure 2-26. Management: Desktops in the cloud


Notes: 
The four types of client virtualized desktops are:

• Session-based computing: the user is running a session on the server.
• Operating system streaming: the client operating system software is passed to the
device — but only as much as needed. Some of the processing is occurring on local
disk and in memory; the application, data, files and graphics are split between the client
and server, streamed to the client when needed.
• Virtual desktop infrastructure (VDI): the virtual client is created on the server. The
user has what appears to be a complete client desktop with access to all applications,
data, and files, but they are actually just a virtual session on the server. However, the
graphics are being sent to the client. Today, this is the most widely used approach.
Quite possibly, this class is using this approach with student ESX images. VMware and
Citrix both provide these capabilities.
• PC blade: A server blade is an entire computer contained on a single blade slotted into
a blade cabinet. A server blade can contain a number of PC blades. The desktop is a
thin client used to access the PC blade.

Management: Managing devices in the cloud (1 of 2)

• Managing assets
— Establish a detailed hardware asset register: a record itemizing all hardware
assets
— Establish a software register: a record itemizing all software assets
— Control software licenses: track all software licenses
— Manage device costs: retire unused devices
• Monitoring services
— Application monitoring
— Clarify service level agreements
— Automated client backup
— Remote management and maintenance
— Client recovery
— Failure analysis

Figure 2-27. Management: Managing devices in the cloud (1 of 2)


Notes: 


These are the management issues that need to be dealt with when running virtualized
client desktops in the cloud:

• Managing assets:
- Establish a detailed hardware asset register: a record itemizing all hardware assets.
- Establish a software register: a record itemizing all software assets.
- Control software licenses: track all software licenses.
- Manage device costs: retire unused devices.
• Monitoring services:
- Application monitoring: monitor client, network and application to identify poor
performance, and map costs to actual application usage.
- Service level maintenance: unclear service level agreements (SLA) are hard to
monitor.
- Automated client backup: reduce the risk of data loss and shorten recovery time.
- Remote management and maintenance: reduce costs by allowing for remote
management and maintenance, especially on global assets.
- Client recovery: restore client system and upgrades.
- Root-cause analysis: gather information on failures, both hardware and software;
this information may lead to faster recoveries, and reduce the probability of a similar
future problem.

Management: Managing devices in the cloud (2 of 2)

• Change management
— Hardware provisioning
— Software distribution and upgrade
— Patch management
— Configuration management
• Security
— Secure access control
— Identity management
— Integrated threat management
— Automated security policy

Figure 2-28. Management: Managing devices in the cloud (2 of 2)


Notes: 


These are further management issues that need to be dealt with when running virtualized
client desktops in the cloud:

• Change management:
- Hardware provisioning: rapid deployment of devices minimizes the time needed to
support staff changes.
- Software distribution and upgrade: the ability to distribute software to devices
throughout the cloud.
- Patch management: automated patch management reduces the risk associated with
bug fixes (patches are fixes to bugs).
- Configuration management: automate the configuration settings in the desktop or
cloud environment.
• Security:
- Secure access control: password protection, authentication, and access control.
- Identity management: global content in all authorized resources in the cloud.
- Integrated threat management: includes three types of threat management:
1) Virtual private networks
2) Intruder-detection systems
3) White-listing programs that are allowed to run
- Automated security policy: technology and process can be used to manage some
aspects of security with policy.

Tooling

• Tooling should aid application development, packaging, and
deployment in a way that makes the finished project portable across
multiple cloud infrastructures
• Tools can assist with:
— Allocation of physical resources, internal and external
— Asset management
— Resource virtualization
• Tools should guide users through the physical makeup of the cloud
based on the expected demand characteristics of the system

Figure 2-29. Tooling


Notes: 


Each layer of the cloud environment (infrastructure, platform, and application) contains
tools:

• Look for tools that are open, not necessarily tied to the cloud provider.
• If you switch cloud providers, do you need to learn all new tools?
• Open standards may be key to providing more flexibility.

Tooling should aid application development, packaging, and deployment in a way that
makes the finished project portable across multiple cloud infrastructures.

In the infrastructure layer, tools help the cloud provider build out the infrastructure.
Tools can assist with:

• Allocation of physical resources, internal and external
• Asset management
• Resource virtualization

Tools should guide users through the physical makeup of the cloud based on the expected
demand characteristics of the system.

Automation

• Automation is required for:
— Scale and speed of deployment
— Dynamics of the environment
— Cost of deployment
• Automation goes hand-in-hand with virtualization
— A cloud environment implies dynamic scaling based on demand
— Implementing a manual process for this is too time consuming
— Applications are structured in “independent blocks” that can be easily added or
removed
— Implementing virtualization assists with automation
— Automation realizes the value of virtualization: dynamic scaling
• Service automation used for security:
— An automated way to analyze and manage security flows and processes in
support of security compliance audits
— Reporting any events which violate security policies or customer licensing issues

Figure 2-30. Automation

Security

• Cloud computing presents an added level of risk because essential
services are often outsourced to a third party
— The externalized aspect of outsourcing makes it harder to maintain data integrity
and privacy, support data and service availability, and demonstrate compliance
• Cloud computing shifts much of the control over data and operations
from the client organization to its cloud provider
— Clients must establish a trust relationship with the providers and understand the
risks
— A trust but verify relationship is critical
• Security areas to focus on include:
— Recognizing security risks
— Carrying out required security tasks
— Managing user identity
— Using detection and forensics programs
— Encrypting data
— Creating a security plan

Figure 2-31. Security


Notes: 


Security will be covered in much greater detail in the unit on security. This slide only 
highlights some major areas of focus for security. 

Unit summary

Having completed this unit, you should be able to:

• Describe how cloud computing leverages the Internet
• Describe elasticity and scalability
• Define virtualization
• List the characteristics of virtualized environments
• Define hypervisors
• Compare virtualized and nonvirtualized systems
• Describe the types of hypervisors
• Explain provisioning and deprovisioning
• Describe multitenancy
• Describe management in cloud computing, including governance,
tooling, and automation

Figure 2-32. Unit summary

Checkpoint

1. True or False: Cloud computing is a new delivery model inspired by the
Internet.

2. True or False: Cloud computing reduces the level of risk for the customer.

3. Match the following description with its correct definition:

Descriptions:
— The ability to expand and shrink resources
— Make one physical resource appear as multiple virtual resources
— The ability to run an Operating System on another Operating System
— Provide resource availability to users and software
— Different companies sharing the same underlying resource
— Cost advantages that an IT organization obtains due to expansion

Definitions:
A. Hypervisor
B. Economies of scale
C. Multitenancy
D. Virtualization
E. Elasticity
F. Provisioning

Figure 2-33. Checkpoint


Notes: 


Write your answers here: 
1. 
Checkpoint answers

1. True or False: Cloud computing is a new delivery model inspired by the Internet.

2. True or False: Cloud computing does not normally reduce the level of risk for the
   customer. Cloud computing introduces new security threats as it introduces an
   additional layer of complexity. With additional layers come additional risks.

3. Match the following description with its correct definition:

   The ability to expand and shrink resources                           E. Elasticity
   Make one physical resource appear as multiple virtual resources      D. Virtualization
   The ability to run an Operating System on another Operating System   A. Hypervisor
   Provide resource availability to users and software                  F. Provisioning
   Different companies sharing the same underlying resource             C. Multitenancy
   Cost advantages that an IT organization obtains due to expansion     B. Economies of scale

© Copyright IBM Corporation 2010

Figure 2-34. Checkpoint answers WS009 / VS0091.0

Notes:
Unit 3. Cloud service delivery models

What this unit is about

This unit covers the delivery models used in cloud computing.

What you should be able to do

After completing this unit, you should be able to:

• Describe the service delivery models of cloud computing
• Explain software as a service (SaaS)
• Explain platform as a service (PaaS)
• Explain infrastructure as a service (IaaS)
• Describe additional cloud services
• Illustrate a reference architecture for the PaaS cloud computing
  model

How you will check your progress

• Checkpoint

References

http://csrc.nist.gov/groups/SNS/cloud-computing/
Unit objectives

After completing this unit, you should be able to:

• Describe the service delivery models of cloud computing
• Explain software as a service (SaaS)
• Explain platform as a service (PaaS)
• Explain infrastructure as a service (IaaS)
• Describe additional cloud services
• Illustrate a reference architecture for the PaaS cloud computing model

Figure 3-1. Unit objectives WS009 / VS0091.0
Notes: 
Cloud service models

• Software as a service (SaaS)
  — Use of software or applications that are delivered via a network
• Platform as a service (PaaS)
  — The middleware platform and solution stack are accessible on the cloud
• Infrastructure as a service (IaaS)
  — Provision servers, storage, and networking resources
• To be considered a “cloud service model” these models must be
  deployed on top of an infrastructure that has the key characteristics of
  clouds

Figure 3-2. Cloud service models WS009 / VS0091.0
Notes: 


Software as a service (SaaS): 


In the software as a service model, the same software or applications are provided to
different customers, or consumers, via a network, usually the Internet. The software no
longer resides on the consumer’s workstation. Instead, the consumer accesses the 
provider’s applications running on a cloud infrastructure using various client devices 
through a thin-client interface such as a web browser. A good example could be web-based 
email running on a cloud infrastructure. 


Platform as a service (PaaS): 


In this model, the computing platform and solution stack are made available as a service. 
Customers can develop, test, and deploy their applications on the cloud. 


Infrastructure as a service (IaaS):


In the infrastructure as a service model, the consumer can provision fundamental computer 
resources such as processors, storage, and networking resources. 
Middleware is defined as: “Software that acts as an intermediate layer between
applications or between client and server. It is used most often to support complex, 
distributed applications in heterogeneous environments.” 
Cloud service model architectures

[Diagram: stacks of service layers (IaaS, PaaS, SaaS) built on cloud infrastructure,
grouped as software as a service (SaaS) architectures, platform as a service (PaaS)
architectures, and infrastructure as a service (IaaS) architectures.]

Figure 3-3. Cloud service model architectures WS009 / VS0091.0


Notes: 

SaaS = application as a service 
PaaS = platform as a service 
IaaS = infrastructure as a service


Notice that each service model builds on the cloud infrastructure, and each service model 
higher up on the slide is more restrictive in the resources it makes available to the client. 


Recall that to be considered a “cloud service model” these models must be deployed on 
top of an infrastructure that has the key characteristics of clouds. This is depicted by the 
box labeled “cloud infrastructure” in the diagram. 


These service model architectures can be used together, in which case the client has
access to all resources of the service model stack that have been provided.


The SaaS model delivers only applications to the user. It may conceivably be used as part
of a PaaS or IaaS architecture, in which case the user has access to the platform and the
infrastructure, respectively.


© Copyright IBM Corp. 2010 Unit 3. Cloud service delivery models 3-5 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Student Notebook 


On its own, the SaaS model is the least flexible — you only get to use the application. If you 
add PaaS, you can create, deploy, and test the application, so you have more flexibility in 
how the application performs. Finally, adding IaaS gives the ability to add or remove
system resources such as servers, data storage, firewalls, and so forth. Having access to 
all three service models gives you the most flexibility for optimizing your environment. 
Infrastructure as a service (IaaS) architecture

[Diagram: IaaS layer on top of the cloud infrastructure.]

• An infrastructure provider (IP) makes an entire computing infrastructure
  available “as a service”
• IPs manage a large pool of computing resources and use virtualization
  to assign and dynamically resize the resources required by customers
• Customers rent processing capacity, memory, data storage, and
  networking resources that are provisioned over a network

Figure 3-4. Infrastructure as a service (IaaS) architecture WS009 / VS0091.0


Notes: 


An infrastructure provider (IP) makes an entire computing infrastructure available “as a 
service”. The IP uses the cloud to outsource the provision of the computing infrastructure 
required to host services. 


Rather than purchasing servers, data storage, and networking equipment, customers rent 
these resources provisioned over a network. 


An IaaS architecture is made possible by a combination of some of the special
characteristics of cloud computing. They include dynamic provisioning, fine-grained
measurement and metering, virtualization, broadband access, and flexible billing.
Infrastructure as a service (IaaS) details

[Diagram: IaaS > Infrastructure services. Virtualized infrastructure (server, storage,
network, facilities): infrastructure for hosting cloud services, dynamic provisioning.
Components shown: Servers, Storage, Networks.]

Figure 3-5. Infrastructure as a service (IaaS) details WS009 / VS0091.0


Notes: 


Infrastructure services are built on top of a standardized, secure, and scalable
infrastructure. Some level of redundancy needs to be built into the infrastructure to ensure
the high availability and elasticity of resources.


Next, it must be virtualized. Virtualized environments make use of server virtualization, 
typically from VMware, XEN, and others, as the basis of running services. These services 
need to be readily provisioned and deprovisioned using software automation. 
Platform as a service (PaaS) architecture

[Diagram: PaaS layer on top of the cloud infrastructure, with or without an IaaS layer
in between.]

• Service provider (SP) supplies the software platform or middleware
  where the applications run
• Service user is responsible for the creation, updating, and maintenance
  of the application
• The sizing of the hardware required for the execution of the software is
  made in a transparent manner
• Google App Engine is an example of PaaS
• IBM Smart Business Development and Test Cloud is an example of
  PaaS

Figure 3-6. Platform as a service (PaaS) architecture WS009 / VS0091.0


Notes: 


Under the PaaS model, the service provider (SP) supplies the software platform or 
middleware on which the applications run. The user of the service is responsible for the 
creation, updating, and maintenance of the application. 


Platforms in the cloud are an interesting offering that takes the pain away from having to 
set up and configure the software platform or middleware. 
Platform as a service (PaaS) details

[Diagram: PaaS > Middleware services. Labels that survive extraction: Application,
Database, Messaging, server, Web 2.0, Java runtime, process management.]

Figure 3-7. Platform as a service (PaaS) details WS009 / VS0091.0


Notes: 
As with infrastructure services, PaaS should be a self-managed platform. 


A provisioning engine is used to deploy the middleware services, as well as to tear them
down and free resources for reuse.


Platforms may offer additional functions to support developers, such as:
  - Development and testing environments
  - Support for integrated development environments (IDEs) and runtimes
  - Support for advanced workflow software and tools
• Integration services
  - Tools and runtimes that support integration, such as connectors, or an enterprise
    service bus
• Source code management
  - Tools and services that support version control and change management
Platform as a service (PaaS) patterns

• Patterns are reusable elements that solve recurring business problems
• Pattern-based middleware is optimized for automatically assembling
  software components into dynamic middleware services

[Diagram: Middleware services]

Figure 3-8. Platform as a service (PaaS) patterns WS009 / VS0091.0


Notes: 


A design pattern can be described as “a named description of a proven design solution to a 
recurring problem, within a given context.” 


Pattern-based middleware is a grouping of middleware products and runtimes that can be 
automatically assembled into dynamic middleware services. 
Examples of PaaS software

• WebSphere software
  — Configured middleware topology
  — Clusters, high availability, extreme scale

[Diagram: WebSphere software topology. Internet traffic passes through a load balancer
to two HTTP servers, each with a plug-in, in front of ClusterMember1 and ClusterMember2,
each of which has a Web container and an EJB container.]

Figure 3-9. Examples of PaaS software WS009 / VS0091.0


Notes: 
IBM delivers many products in the WebSphere brand as PaaS middleware-aware topology 
patterns. 


An example of the use and deployment of these PaaS patterns is provided in the unit on 
IBM WebSphere CloudBurst and IBM WebSphere Hypervisor Edition. 
Software as a service (SaaS) architecture

[Diagram: SaaS layer on top of the cloud infrastructure, with or without PaaS and IaaS
layers in between.]

• Service provider (SP) is responsible for the creation, updating, and
  maintenance of software and application
• Service user accesses the service through Internet-based interfaces

Figure 3-10. Software as a service (SaaS) architecture WS009 / VS0091.0


Notes: 


Under the SaaS model, the software provider is responsible for the creation, updating, and 
maintenance of software, including the responsibility for licensing the software. Customers 
usually rent the software on a per usage basis, or buy a subscription to access it, which 
includes a separate license for each person that uses the software. 


In this model, the service user only needs to access the service itself, and not the platform 
or the infrastructure the service is running on. The service is usually accessed as a web 
application or as a wrappered web services application invoked using web services APIs. 
Software as a service (SaaS) details

[Diagram: SaaS > Application services. Components shown: Collaboration, Enterprise
applications, Business processes, Industry applications, Analytics.]

Figure 3-11. Software as a service (SaaS) details WS009 / VS0091.0
Notes: 


With SaaS, users can access function-rich, prebuilt applications designed specifically 
around their service. 
Examples of SaaS applications

[Screenshots: LotusLive; Analytics with Cognos, showing a “Pipeline Health Check” report
in Report Studio.]

Figure 3-12. Examples of SaaS applications WS009 / VS0091.0


Notes: 


An example of software as a service cloud application for collaboration is IBM LotusLive; 
an example for analytics is the Cognos Business Intelligence reporting and analytic 
software. 


Further information on these SaaS applications is provided in the unit on IBM cloud 
computing architecture and offerings. 
Trade-off in cost to install versus flexibility

[Chart: cost (high to low) plotted against flexibility (high to low). From high cost and
high flexibility down to low cost and low flexibility: native install, server
virtualization (IaaS), middleware-aware topology patterns, application patterns.]

Figure 3-13. Trade-off in cost to install versus flexibility WS009 / VS0091.0
Notes: 


This diagram shows the trade-off between cost and savings in using standardized services 
(on the lower right) and the higher cost (although greater flexibility) of building your own 
custom environment (upper left of the diagram). 
Other cloud service models

• Data as a service
  — Google Public Data Explorer lets you create your own visuals from Google App
    data
  — Assumes some public data already exists in the Cloud
• Testing as a service
  — Within IBM, the Integrated Test Enablement (ITE) cloud has been created to
    provide a common automation and test strategy for developers across the
    various IBM product brands
  — Used to create reusable test assets
• Integration as a service
  — Cast Iron (now part of IBM)
  — Boomi

Figure 3-14. Other cloud service models WS009 / VS0091.0


Notes: 


A number of other service candidates have been identified by market trends. These include
such models as data as a service, testing as a service, and integration as a service.


Data as a service:
• Google Public Data Explorer lets you create your own visuals from Google App data
• Assumes some public data already exists in the cloud

Testing as a service:


Within IBM, the Integrated Test Enablement (ITE) cloud has been created to provide a
common automation and test strategy for developers across the various IBM product
brands.


However, for the most part, these models could just as well fall into the SaaS or PaaS
models.


In fact, the ITE cloud positions itself as a PaaS.


Cast Iron positions itself as a leading integrator of SaaS applications.

Boomi’s AtomSphere product is marketed as connecting any combination of SaaS.



Common cloud management platform reference architecture:
Architecture overview diagram

[Diagram: three roles. The cloud service consumer uses cloud services (IT capability
provided to the cloud service consumer) from the cloud service provider. The cloud
service developer uses service development tools. Within the cloud service provider,
the common cloud management platform exposes APIs and contains:
  - BSS, the business support system: manages the business aspects of cloud service
    instances
  - OSS, the operational support system: instantiates and manages cloud service instances
  - SLAs
  - Security and resiliency
Underneath is the virtualized infrastructure (server, storage, network, facilities):
infrastructure for hosting cloud services and the common cloud management platform.]

Figure 3-15. Common cloud management platform reference architecture: Architecture overview diagram WS009 / VS0091.0
Notes: 


This slide shows the common cloud management architecture in the context of the PaaS 
service delivery model. 


The business support system (BSS) enables capabilities such as subscription services for 
a pay-per-usage model. 


The OSS layer is responsible for making resources available on demand, and for the 
security of the environment. 


The cloud service provider makes cloud services available through its application 
programming interfaces (APIs) to the cloud service consumer. 


To instantiate a new cloud instance, the service consumer sends a request to the cloud 
provider. The request is delegated to the operational support system or OSS that initiates 
and manages cloud service instances. Once a new instance of the cloud has been created 
and the response has been sent to the user 
Common cloud management platform

[Diagram: common cloud management platform, made up of BSS services (including
reporting) and OSS services, with security and resiliency.]

Figure 3-16. Common cloud management platform WS009 / VS0091.0


Notes: 


The cloud management platform enables you to manage, deploy, and automate business
applications on the cloud. The operational support services manage the creation of cloud
service instances. The business support services manage the business aspects of cloud
service instances, including things like measuring and metering, reporting, and analytics.


Depending on the environment, the user interface to the cloud management platform can 
be anything from a comprehensive portal interface, to a simple API. These programming 
interfaces manage the virtual machine images and the virtualized infrastructure. 
Unit summary

Having completed this unit, you should be able to:

• Describe the service delivery models of cloud computing
• Explain software as a service (SaaS)
• Explain platform as a service (PaaS)
• Explain infrastructure as a service (IaaS)
• Describe additional cloud services
• Illustrate a reference architecture for the PaaS cloud computing model

Figure 3-17. Unit summary WS009 / VS0091.0
Notes: 
Checkpoint

1. True or false: A design pattern can be described as “a named
   description of a proven design problem to a recurring solution, within a
   given context”.

2. True or false: Using a prebuilt SaaS component gives you the most
   flexibility in tailoring the software.

3. Match the following descriptions with the best definition:

   1) Service provider supplies the software or          A. Platform as a service
      middleware on which the applications run

   2) An entire computing environment is made            B. Software as a service
      available as a service

   3) Service provider is responsible for the            C. Infrastructure as a service
      creation and maintenance of the application

Figure 3-18. Checkpoint (objective only) WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Checkpoint answers

1. True or false: A design pattern can be described as “a named description of a
   proven design problem to a recurring solution, within a given context”.
   Correct answer: False.
   A design pattern can be described as: “A named description of a proven design
   solution to a recurring problem, within a given context”

2. True or false: Using a prebuilt SaaS component gives you the most flexibility in
   tailoring the software.
   Correct answer: False.

3. Match the following descriptions with the best definition:

   1) Service provider supplies the software or          A. Platform as a service
      middleware on which the applications run

   2) An entire computing environment is made            C. Infrastructure as a service
      available as a service

   3) Service provider is responsible for the            B. Software as a service
      creation and maintenance of the application

Figure 3-19. Checkpoint answers WS009 / VS0091.0
Notes: 
Unit 4. Cloud deployment scenarios

What this unit is about

This unit describes the various cloud deployment models. These
include the private, public, community and hybrid cloud models.

What you should be able to do

After completing this unit, you should be able to:

• List the four major cloud deployment types
• Describe the features of private, public, hybrid, and community
  clouds
• List some additional cloud deployment types
• Select the most appropriate deployment model based on a set of
  business and technical requirements

How you will check your progress

• Checkpoint

References

http://csrc.nist.gov/groups/SNS/cloud-computing/index.html
Unit objectives

After completing this unit, you should be able to:

• List the four major cloud deployment types
• Describe the features of private, public, hybrid, and community clouds
• List some additional cloud deployment types
• Select the most appropriate deployment model based on a set of
  business and technical requirements

Figure 4-1. Unit objectives WS009 / VS0091.0
Notes: 
Cloud deployment models

The National Institute of Standards and Technology (NIST) defines four
cloud deployment types:
• Public cloud
  — Service provider lets clients access the cloud via the Internet
  — Made available to the general public or a wide industry group
• Private cloud
  — The cloud infrastructure is used solely by the organization that owns it
  — May reside in-house or off premises
• Hybrid cloud
  — Composed of two or more clouds (private, public, or community) that remain
    unique entities, but that can interoperate using standard or proprietary protocols
• Community cloud
  — Shared by several organizations that have a common mission

Figure 4-2. Cloud deployment models WS009 / VS0091.0


Notes: 


The National Institute of Standards and Technology (NIST) defines four cloud deployment 
types: public, private, hybrid, and community clouds. 


Public cloud:
• Service provider lets clients access the cloud via the Internet
• Made available to the general public or a wide industry group
Private cloud:
• The cloud infrastructure is used solely by the organization that owns it
• May reside in-house or off premises
Hybrid cloud:
• Composed of two or more clouds (private, public, or community) that remain unique
  entities, but that can interoperate using standard or proprietary protocols
Community cloud:
• Shared by several organizations that have a common mission

Public clouds

• Multitenant infrastructure
• Anyone may use
• Functions vary
• Fee arrangements vary

Figure 4-3. Public clouds WS009 / VS0091.0


Notes: 


A public cloud is one in which a third-party provider makes resources, such as applications
and other computing resources, available to the general public via the Internet. A public
cloud does not necessarily mean that it is free, although it can be free or inexpensive to
use. It may be offered on a pay-per-usage model.


The cloud service provider is responsible for setting up the hardware, software, 
applications, and networking resources. 


Public clouds do not imply that the user’s data is public. In many cases, access control 
mechanisms are required before the user can make use of cloud resources. 
Private clouds

• Secure, dedicated infrastructure
• User buys or leases the cloud

Figure 4-4. Private clouds WS009 / VS0091.0


Notes: 


With a private cloud, computing resources are pooled and managed internally. This 
provides for greater efficiencies. Resources can be applied dynamically according to 
demand. A private cloud allows the enterprise to continue to follow workflow and security 
procedures. This ensures that the correct level of “code” is executing. These types of 
clouds are not burdened by network bandwidth and availability issues or potential security 
exposures that may be associated with public clouds. Private clouds can offer the provider 
and user greater control, security, and resilience. 


The IBM Smart Business Development and Test Cloud is an example of a private cloud 
that can be installed on customer sites to provide on-demand provisioning of physical and 
virtualized test resources — including IBM and non-IBM components such as operating 
systems, middleware, storage, network, images, and data. 


For details of this offering, visit: www.ibm.com/cloud

Figure 4-5. Hybrid clouds WS009 / VS0091.0


Notes: 


Hybrid clouds are combinations of public and private clouds that work together. 


In this model, IT typically outsources noncritical information and processing to the public 
cloud, while keeping business critical services and data in their control. 


The hybrid cloud environment works to seamlessly integrate external applications on other 
private and public clouds, with your in-house processes. 
Community clouds

• Used and controlled by a group of organizations
  with a shared interest
• Private cloud purchased by a single user to
  support a community of users
• Fees may be charged to subsidiaries
• Functions vary
• Common functions
  — Storage
  — Elasticity

[Diagram: a public cloud and several private clouds.]

Figure 4-6. Community clouds WS009 / VS0091.0


Notes: 


A community cloud can be a private cloud purchased by a single user to support a 
community of users, or a hybrid cloud with the costs spread over a few users of the cloud. 


A community cloud is often set up as a sandbox environment where community users can 
test their applications, or access cloud resources. 
Figure 4-7. Virtual private clouds WS009 / VS0091.0


Notes: 
A virtual private cloud (VPC) is dedicated to a single user within a public cloud. 


The virtual private cloud extends the customer network into the cloud provider’s “space”, 
making the additional resources available on demand. 


In this example, the customer can access a number of isolated subnets, or private IP 
address ranges, in the Amazon Web Services cloud. Traffic flowing between the VPC and 
the Internet is routed over the VPN connection so that it can be examined using the 
customer’s existing security and networking assets before heading to the public Internet. 
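
The routing arrangement described in these notes can be checked mechanically. The following is an added example, not part of the course material: it audits per-subnet route tables and reports any route that lets traffic leave the VPC without crossing the VPN connection. The subnet names, the target labels `local`, `vpn-gw` and `inet-gw`, and all address ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample data: per-subnet route tables for a hypothetical VPC.
# "local"   = traffic that stays inside the VPC
# "vpn-gw"  = the VPN connection back to the customer network (inspected path)
# "inet-gw" = a direct Internet gateway (bypasses the customer's controls)
VPC_CIDR = "10.0.0.0/16"
ROUTE_TABLES = {
    "subnet-app": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "vpn-gw"},
    ],
    "subnet-db": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "vpn-gw"},
        # A more specific route wins over the default route, so this one
        # entry silently sends part of the egress traffic around the VPN.
        {"dest": "203.0.113.0/24", "target": "inet-gw"},
    ],
    "subnet-test": [
        {"dest": "10.0.0.0/16", "target": "local"},
        {"dest": "0.0.0.0/0", "target": "inet-gw"},
    ],
}


def next_hop(routes, address):
    """Longest-prefix match: target of the most specific route covering
    `address`, or None when no route covers it."""
    addr = ipaddress.ip_address(address)
    best_net, best_target = None, None
    for route in routes:
        net = ipaddress.ip_network(route["dest"])
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, route["target"]
    return best_target


def audit_egress(route_tables, vpc_cidr, inspected_target="vpn-gw"):
    """Return (subnet, destination, target) for every route whose destination
    lies outside the VPC and whose target is not the inspected VPN path."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for subnet in sorted(route_tables):
        for route in route_tables[subnet]:
            net = ipaddress.ip_network(route["dest"])
            if net.subnet_of(vpc):
                continue  # intra-VPC traffic never reaches the Internet
            if route["target"] != inspected_target:
                findings.append((subnet, route["dest"], route["target"]))
    return findings


if __name__ == "__main__":
    for subnet, dest, target in audit_egress(ROUTE_TABLES, VPC_CIDR):
        print(f"{subnet}: {dest} -> {target} bypasses the VPN connection")
```

Checking only the default route is not enough: `subnet-db` has a correct default route, and the audit still flags it because of the more specific entry.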
Vertical and special purpose clouds

• Vertical clouds
  — Clouds for particular industries
  — May contain information, applications,
    services for that industry
• Horizontal clouds
  — Clouds for a purpose
  — Examples: development,
    test, collaboration, budgeting
• Regional clouds
  — Localized
  — Compliant to government regulations

Figure 4-8. Vertical and special purpose clouds WS009 / VS0091.0


Notes: 


This diagram shows some of the other cloud deployment types that may appear in cloud 
terminology. 


These cloud types may be considered subtypes of community clouds. 
Migration paths for cloud adoption

• Use public clouds
  — Smaller organizations can use resources provided by larger cloud service
    providers
• Develop private clouds
  — Build or procure private clouds
  — Metering and chargeback
• Build or procure community clouds
  — For organizations that share common goals
  — Shared infrastructure or sandbox environment
• Use hybrid clouds
  — Balance workloads between clouds

Figure 4-9. Migration paths for cloud adoption WS009 / VS0091.0


Notes: 
There is no single correct answer on how to get started using clouds. 


One suggestion is to sign up to use a public cloud such as the IBM Smart Business 
Development and Test Cloud or Amazon Elastic Compute Cloud (EC2). Once signed up, 
you have access to a predefined set of cloud resources. You can launch a cloud instance, 
connect to an instance, and terminate an instance. 


Smaller enterprises may use SaaS and public clouds to limit the growth of their data 
centers. 


A second approach is to build or procure your own private cloud. IBM provides a service to 
build a custom version of the Smart Business Development and Test cloud, and will install it 
at the customer’s site. 


When developing private clouds, you should also consider the metering of resources so 
that you can determine the costs of doing business in the cloud. 


Larger organizations may use a hybrid cloud infrastructure to balance workloads across 
internal and public clouds. 
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Selection criteria for cloud deployment types (1 of 4) 


• Private clouds
— Provides a dedicated and secure infrastructure
— Limited by the organization’s physical hardware and other resources
— Can be run off premises by a third-party infrastructure provider
— Does not require federated identity, location awareness, common APIs

[Diagram labels: Firewall, Private cloud]
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Figure 4-10. Selection criteria for cloud deployment types (1 of 4) WS009 / VS0091.0 


Notes: 


Security issues may drive how organizations deploy cloud infrastructures. Private clouds
face less of a security threat than community clouds, which in turn face less of a security
threat than public clouds.


With private clouds, the owner has complete control of the security mechanism and 
architecture. With other types of clouds, the organization may have to interface with other 
security implementations. 


With a private cloud, computing power is spread across the enterprise. Departments are 
not limited to simply their own departmental resources, and they can utilize other 
departments’ resources during periods of peak loads. 


Applications running on a private cloud are generally not required to deal with federated 
identity, location awareness, standards-based APIs, or common APIs for middleware. 


Note that running a private cloud still requires all of the governance and management that 
apply to IT. Requirements include an open client, security, metering and monitoring, and 
service level agreements. 
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Selection criteria for cloud deployment types (2 of 4) 


• Public clouds
— Low cost data storage and disaster recovery solution
— Expertise is provided
— Easy access to public domain applications and storage such as Google Apps,
Google Docs, and Gmail
— Issues switching cloud providers

[Diagram labels: Enterprise, Open client, SaaS, IaaS, VPC solution, Public cloud]

Figure 4-11. Selection criteria for cloud deployment types (2 of 4) WS009 / VS0091.0 


Notes: 


Strong security controls are required for most cloud deployments. The organization hosting 
the public cloud is likely to perform all of the required due diligence to ensure the security of 
the user’s data. 


Using a public cloud as a data storage or disaster recovery solution may be a low-cost
alternative to building your own. The cloud solution is billed on a pay-per-usage basis, and
the capital cost required to set up an in-house solution may be much higher. In this way, you
are turning fixed costs into variable costs.


Google allows Google Apps users to upload and store files in Google Docs. This is a cheap 
way for developers and users to use a cloud-based storage service to store and access 
their files. Users can access their data with a browser using any device. Access to the data 
is secured via password protection. 
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Selection criteria for cloud deployment types (3 of 4) 


• Community clouds
— Shared infrastructure or hosted by a third-party 
— Shared costs 
— Shared mission, policy and compliance 
— Requires commitment from all parties 
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Figure 4-12. Selection criteria for cloud deployment types (3 of 4) WS009 / VS0091.0 


Notes: 


This type of cloud infrastructure can be shared by several organizations that support a
specific community, such as health care or local governments. The benefit of this approach 
is the ability to easily share a vast array of resources among the participating community. 
Building this type of infrastructure requires a huge investment in terms of expertise, 
computing resources, and support. 


Some of the challenges include deciding who funds the capital costs to build the 
infrastructure, who is responsible for managing and maintaining the cloud, and legal 
compliance issues. 
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Selection criteria for cloud deployment types (4 of 4) 


• Hybrid clouds
— Using services of vendors on private clouds costs money
— Consider moving some systems to an off-premises data center with applications
offered back as a service
— Heightened security concerns

[Diagram labels: Public cloud, Private cloud]
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Figure 4-13. Selection criteria for cloud deployment types (4 of 4) WS009 / VS0091.0 


Notes: 


Instead of hosting all of your applications on your own private cloud, you can move some 
noncritical applications to an off-premises cloud hosted by a third-party provider that offers 
these back as a service. Or you can use alternative applications that are freely available in 
public clouds. 

A single vendor hybrid cloud solution such as VMware vCloud lets you federate resources 
between internal and external clouds. This is advantageous since you do not need to 
interface with different vendor APIs. 
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Case study example: IBM ITE cloud (1 of 3) 


• Integrated Test Enablement (ITE) cloud
— IBM Software Group internal roll out of cloud technology, automation, and tooling
for developers across the various brands in the organization

• Mission:
— Define common processes for accessing resources and capacity
— Leverage cloud-based resources for high-volume testing
— Deploy a common automation strategy to produce reusable test assets
— Utilize IBM Rational and Tivoli brand products as the common tooling
infrastructure
— Host common test services to drive cost and infrastructure efficiencies
— Deploy test configurations within hours or minutes instead of days



Figure 4-14. Case study example: IBM ITE cloud (1 of 3) WS009 / VS0091.0 


Notes: 


The Integrated Test Enablement (ITE) cloud is an internal IBM Software Group initiative to 
provide cloud-based access to automation and test facilities for their software developers. 
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Case study example: IBM ITE cloud (2 of 3) 


The situation prior to using the ITE cloud: 


• Without ITE
— Each team must reserve hardware for testing infrastructure
— Each team incurs the direct cost to install and configure the infrastructure

[Diagram labels: Test Lab 1, Test Lab 2, Tester 1, Tester 2]
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Figure 4-15. Case study example: IBM ITE cloud (2 of 3) WS009 / VS0091.0 


Notes: 


Prior to using the ITE cloud-based solution, the teams for each brand within the IBM 
Software Group needed to provision their own hardware and network infrastructure. After 
these resources had been acquired and installed, each team had to install, configure, and 
deploy the software necessary to run their regression tests. 


The time and costs spent on procuring, configuring, and replicating the environment are 
replicated for each test lab environment. There is no sharing of resources, and so each 
team must create an environment that meets the peak loads for their test cases. 
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Case study example: IBM ITE cloud (3 of 3) 


• With the Integrated Test Enablement (ITE) cloud

[Diagram labels: Test Lab 1, Test Lab 2, ITE cloud]
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Figure 4-16. Case study example: IBM ITE cloud (3 of 3) WS009 / VS0091.0 


Notes: 


The diagram shows the ITE solution private cloud delivered as a platform as a service 
(PaaS) model. 


Each team requests an instance of the test tooling infrastructure that is provisioned for 
them from the ITE cloud. 


Each instance includes script and automation libraries to install the required testing 
software and test cases. 


The ITE cloud lets each team access all resources that they need from a pool of virtualized 
resources. These resources can be provisioned and deprovisioned dynamically, allowing 
for the elastic use of resources across the testing teams. 
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Unit summary 


Having completed this unit, you should be able to: 

• List the four major cloud deployment types
• Describe the features of private, public, hybrid, and community clouds
• List some additional cloud deployment types
• Select the most appropriate deployment model based on a set of
business and technical requirements
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Figure 4-17. Unit summary WS009 / VS0091.0 


Notes: 
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Checkpoint 


1. Select the correct answer: 
A private cloud deployment has the following characteristic or 
characteristics: 
A. Heightened security requirements 
B. Is surrounded by a firewall 
C. Is run on the enterprise premises 
D. All of the above 


2. Select the correct answer: 
Which of these is least likely to be an issue in private cloud
deployments?
A. Monitoring and measurement 
B. Security 
C. Governance 
D. Federated identity 
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Figure 4-18. Checkpoint (objective only) WS009 / VS0091.0 


Notes: 


Write your answers here: 
1. 
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Checkpoint answers 


1. Select the correct answer: 
A private cloud deployment has the following characteristic or 
characteristics: 
A. Heightened security requirements 
B. Is surrounded by a firewall 
C. Is run on the enterprise premises 
D. All of the above 
Answer: B 


2. Select the correct answer: 
Which of these is least likely to be an issue in private cloud
deployments?
A. Monitoring and measurement 
B. Security 
C. Governance 
D. Federated identity 


Answer: D 
Figure 4-19. Checkpoint answers WS009 / VS0091.0 
Notes: 
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Demonstration 


Requesting contract forms for
the IBM Smart Business
Development and Test Cloud
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Figure 4-20. Demonstration 


WS009 / VS0091.0 


Notes: 
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Demonstration objectives 


After completing these demonstrations, you should be able to: 
• Request a contract for the IBM Smart Business Development and Test
Cloud


Figure 4-21. Demonstration objectives WS009 / VS0091.0 


Notes: 
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Demonstration 


Reviewing a contract for the
IBM Smart Business
Development and Test Cloud
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Figure 4-22. Demonstration 


WS009 / VS0091.0 


Notes: 
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Demonstration objectives 


After completing these demonstrations, you should be able to: 
• Review a contract for the IBM Smart Business Development and Test
Cloud
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Figure 4-23. Demonstration objectives 


Notes: 
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Demonstration instructions (optional) 


1. Extract Cloud_demos.zip to your hard drive, ensuring that you 
select Use folder names when extracting the file 


2. Navigate to \Cloud_demos; then double-click 
simulations.html1 to start the demonstrations 


3. Select Demonstration: Request contract forms for the IBM Smart 
Business Development and Test Cloud to run the first 
demonstration 


4. When completed, select Demonstration: Review a contract for the 
IBM Smart Business Development and Test Cloud to run the 
second demonstration 




Figure 4-24. Demonstration instructions (optional) WS009 / VS0091.0 
Notes: 
4-26 Fundamentals of Cloud Computing © Copyright IBM Corp. 2010 


Course materials may not be reproduced in whole or in part 
without the prior written permission of IBM. 


Student Notebook 


Unit 5. Security in cloud computing 


What this unit is about 


This unit describes the security considerations in cloud computing. 


What you should be able to do 


After completing this unit, you should be able to: 


Review the integration of security into the cloud reference model 


Describe security considerations in cloud computing, including 
cloud security risks and cloud security breaches 


Identify security options available in cloud computing 


Formulate identity management techniques, including detection 
and forensics and encryption 


Identify the top security threats to cloud computing 


How you will check your progress 


• Checkpoint




WebSphere Education 


Unit objectives 


After completing this unit, you should be able to: 
• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing, including cloud
security risks and cloud security breaches
• Identify security options available in cloud computing
• Formulate identity management techniques, including detection and
forensics and encryption
• Identify the top security threats to cloud computing



Figure 5-1. Unit objectives WS009 / VS0091.0 
Notes: 
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Topics 


• Cloud security reference model
• Cloud security risks
• Principal security dangers to cloud computing
• Steps to reduce cloud security breaches
• Identity management
• Detection and forensics
• Encryption techniques



Figure 5-2. Topics WS009 / VS0091.0 
Notes: 
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5.1. Cloud security reference model 
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Cloud security reference 
model 
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Figure 5-3. Cloud security reference model 


Notes: 
Cloud reference model


• The cloud computing model may be considered as three subcomputing models:
IaaS, PaaS, and SaaS

• The relationship and dependencies between these are important to fully grasp
the security risks to cloud computing
— [illegible in source] services
— PaaS is layered on top of IaaS
— SaaS is built upon PaaS

• Layered architectures inherit capabilities
— These capabilities include operations and functionality
— Unfortunately, they also inherit risks, including security risks

[Diagram labels: Presentation modality, Presentation platform, Applications, Data,
Metadata, Content, Integration and middleware, Core connectivity and delivery,
Abstraction, Hardware, Facilities; grouped as Infrastructure as a service (IaaS),
Platform as a service (PaaS), Software as a service (SaaS)]


Figure 5-4. Cloud reference model WS009 / VS0091.0 


Notes: 


Just as a quick recap, IaaS includes the infrastructure stack from facilities to hardware, and
the interfaces required to manage them. PaaS, residing on top of IaaS, adds an additional
layer of integration and application development. This may include middleware, such as
MQ series, and databases. Developers are able to build applications using the PaaS stack.


SaaS resides upon PaaS and IaaS, providing a self-contained operating unit that delivers
the entire user experience, including all required software, such as presentation, content
management, and user interface, graphical or other.
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Figure 5-5. How security gets integrated WS009 / VS0091.0 


Notes: 


The cloud reference model is decomposed into three distinct groups: SaaS at the top,
PaaS in the middle, and IaaS at the lowest level. The lower down the cloud reference
model the consumer moves, that is, going from SaaS down to IaaS, the more security the
consumer is responsible for providing and managing.


There are trade-offs in each grouped layer of the model. 


Generally speaking, SaaS provides the highest level of consumer functionality with the 
least amount of flexibility, requiring strong security already built-in. 


PaaS provides a layer in which developers work, providing them the freedom to create 
functionality. This increased flexibility removes additional security layering that was 
provided in SaaS. 


Finally, IaaS provides few application features but tremendous flexibility. This opens up the
application layer and middleware layer, requiring the cloud provider to focus the security
capabilities on the operating system and underlying infrastructure.
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Cloud security risks 


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Figure 5-6. Cloud security risks 


Notes: 
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Security is the top concern 


“How can we be assured that our data will not be leaked and that the vendors have the
technology and the governance to control their employees from stealing data?”


80% of enterprises consider security the #1 inhibitor to cloud adoptions


48% of enterprises are concerned about the reliability of clouds


“Security is the biggest concern. I don’t worry much about the other ‘-ities’ —
reliability, availability, and so forth.”


33% of respondents are concerned with cloud interfering with their ability to comply
with regulations


“I prefer internal cloud to IaaS. When the service is kept internally, I am more
comfortable with the security that it offers.”


Source: Driving Profitable Growth Through Cloud Computing,
IBM study (conducted by Oliver Wyman)
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Figure 5-7. Security is the top concern WS009 / VS0091.0 


Notes: 


Security is the top concern for the adoption of cloud services. 
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Understanding security risks 


• IT security is a very complicated area of cloud computing for three
reasons:
— Security is trusted to the cloud provider; therefore, if the provider has not done a
good job, there may be problems
— Security is difficult to monitor, so problems may not be apparent until there is a
problem
— Measuring the quality of the cloud provider's security approach may be difficult
because many cloud providers do not expose their infrastructure to customers

• Approximately 70% of security breaches are caused by insiders (or
people who get help from insiders)*
— The security approach must deal with internal and external threats

• Often, a cloud service agreement (contract) is crafted to protect the
service provider, not the cloud customer
— Cloud customers must have a deep understanding of the contract


*Source: Cloud Computing for Dummies, p. 176,
Hurwitz, © 2010 by Wiley Publishing, Incorporated
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Figure 5-8. Understanding security risks WS009 / VS0091.0 


Notes: 


There are good reasons that security, as shown on the last slide, is the top concern. IT
security in cloud computing adds at least one critical layer of complexity. You, the consumer,
are trusting security to an external source. This trusted relationship may add the challenge of
monitoring and validating the security of the cloud provider, especially if the provider does
not wish to expose their internal infrastructure to customers.


When an organization is relying on itself to meet service level agreements (SLA), there is a
certain amount of control available to the customer. If there are problems within the
organization’s IT infrastructure, a manager may be able to get an executive to apply
internal pressure, getting the attention required to meet the SLA. However, when the IT
infrastructure, or layered services, are outside of an organization, the ability to apply
pressure to get the attention needed to fix the problem may rely on the details of
the cloud contract and an external resource. With a poorly constructed contract, a
consumer loses leverage.
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Principal security dangers to cloud computing 


• Virtualization and multitenancy
• Nonstandard and vulnerable APIs
• Internal security breaches
• Data corruption or loss
• User account and service hijacking



Figure 5-10. Principal security dangers to cloud computing WS009 / VS0091.0 


Notes: 


The principal security dangers to cloud computing include dangers that currently exist in 
pre-cloud computing. Cloud computing heightens the risks in certain dangers, such as data 
corruption, while introducing some new risks, such as virtualization and multitenancy. 
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Virtualization and multitenancy 


• Cloud offerings take advantage of economies of scale, offering shared
services within their infrastructure

• Virtualization and multitenancy architectures make this possible

• However, these technologies were not designed with strong isolation in
place
— Hypervisors have extended these risks, potentially exposing the operating
system
— This creates an environment where attackers can gain access at the operating
system level (hypervisors) and higher level services (functionality and data)

• To reduce these risks, consider:
— Implement operating system security best practices, such as patch
management
— Implement application systems security best practices, such as AAA
(authentication, authorization, and auditing)
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Figure 5-11. Virtualization and multitenancy WS009 / VS0091.0 
Notes: 


Nonstandard and vulnerable APIs 


• Application programming interfaces (APIs) are the software interfaces
that cloud providers offer, allowing customers access into their services

• Cloud APIs are not standardized, forcing users of multiple cloud
providers to maintain multiple programming interfaces, increasing
complexity and security risk

• Since an API offers access to the internals of a system, a weak API
exposes consumers to a variety of security issues encompassing all of
the operational exposure of the compromised API's functionality

• To reduce these risks, consider:
— Implement API security best practices, such as requiring AAA (authentication,
authorization, and auditing)
— Review the cloud provider’s security model being used for the API, including
any API trusted chain
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Figure 5-12. Nonstandard and vulnerable APIs WS009 / VS0091.0 
Notes: 
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Internal security breaches 


• The IT industry has well documented that over 70% of security
violations are internal
— This threat is amplified in cloud computing as both IT providers and
consumers are under a single management domain

• To reduce these risks, consider the following key components of the
contractual agreement between the customer and cloud provider:
— Transparency in information and internal management practices
— Understand the human resources requirements
— Have a clear level of escalation and notification of a breach
— Ensure that contractually you are in the loop if an internal breach occurs with
the cloud provider (with your data or another customer’s)



Figure 5-13. Internal security breaches WS009 / VS0091.0 


Notes: 


If another customer is breached by the cloud provider, you do not have to know the details
of the information lost. However, you have a right to know the type of breach and what has 
been done to stop this type of breach from being repeated. Another customer’s breach may 
offer insight into a potential hole in the cloud services being offered to you. 
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Data corruption or loss 


• Data corruption or loss is amplified since the cloud provider is the
source for a company's data, not the company itself

• These operational characteristics of the cloud environment, at the
PaaS and SaaS layers, amplify the threat of data loss or leakage

• To reduce these risks, consider:
— Implement application systems security best practices, such as AAA
(authentication, authorization, and auditing)
— Implement strong encryption, SSL, digital signatures, and certificate practices
— Ensure that strong disaster recovery processes exist and are tested on a
periodic basis
— Require that the persistent medium used to store your data is erased prior to
releasing it back into the pool
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Figure 5-14. Data corruption or loss WS009 / VS0091.0 


Notes: 
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User account and service hijacking 


• User account and service hijacking occurs when an attacker obtains
your cloud services information and uses it to take over your cloud
access

• If attackers gain access to a cloud user’s credentials, they can
eavesdrop on activities and transactions, manipulate or steal data,
return falsified data, and redirect clients to illegitimate sites

• To reduce these risks, consider:
— Implement security best practices, including human processes, such as strong
passwords, two-factor authentication, and prohibiting the sharing of users’
credentials
— Implement application systems security best practices, such as AAA
(authentication, authorization, and auditing)
— Implement strong encryption, SSL, digital signatures, and certificate practices
— Ensure that auditing and logging is being used to monitor activities



Figure 5-15. User account and service hijacking WS009 / VS0091.0 


Notes: 


Two-factor authentication means using any independent two of these authentication 
methods (for example, password + value from physical token) to increase the assurance 
that the bearer has been authorized to access secure systems. 
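
The password + physical token combination described above, as an added example that is not
part of the course material. It assumes the token generates time-based one-time codes
(TOTP, RFC 6238); the account layout, function names and sample secret are constructed for
the illustration. It also writes an audit record per attempt and refuses a token code that
was already used.

```python
import hashlib
import hmac
import struct

PBKDF2_ROUNDS = 100_000   # example work factor (assumption, tune for your hardware)
TIME_STEP = 30            # seconds per token code, the RFC 6238 default
SAMPLE_SECRET = b"12345678901234567890"   # constructed: the RFC 4226/6238 test secret


def hash_password(password, salt):
    """First factor: store a salted, slow hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6):
    """Second factor: the code a token shows during the current time step."""
    return hotp(secret, int(unix_time) // TIME_STEP, digits)


def make_account(user, password, salt, token_secret):
    return {"user": user, "salt": salt, "pw_hash": hash_password(password, salt),
            "token_secret": token_secret, "last_counter": -1, "audit": []}


def verify_login(account, password, token_code, unix_time, window=1):
    """Grant access only when BOTH independent factors check out."""
    # Both factors are always evaluated, and the caller only learns pass/fail,
    # so a failed attempt does not reveal which factor was wrong.
    pw_ok = hmac.compare_digest(hash_password(password, account["salt"]),
                                account["pw_hash"])
    now = int(unix_time) // TIME_STEP
    matched = None
    # Accept the neighbouring time steps to tolerate clock drift on the token.
    for counter in range(max(0, now - window), now + window + 1):
        if counter <= account["last_counter"]:
            continue                      # code already used: reject replays
        expected = hotp(account["token_secret"], counter).encode("ascii")
        if hmac.compare_digest(expected, token_code.encode("utf-8")):
            matched = counter
    ok = pw_ok and matched is not None
    if ok:
        account["last_counter"] = matched
    # Auditing: every attempt leaves a record, successful or not.
    account["audit"].append({"time": int(unix_time), "user": account["user"],
                             "result": "OK" if ok else "DENIED"})
    return ok
```

A stolen password alone fails the token check, and a token code captured in transit cannot be
replayed once the legitimate login has consumed it.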
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Figure 5-16. Steps to reduce cloud security breaches WS009 / VS0091.0 
Notes: 
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Reducing cloud security breaches 


• The following steps offer a guideline to reducing cloud security
breaches:
1. Implement security best practices including human processes
2. Implement operating system security best practices, such as patch
management
3. Implement application and API systems security best practices
4. Implement strong encryption, SSL, digital signatures and certificate practices
5. Ensure that auditing and logging are being used to monitor activities
6. Ensure that strong disaster recovery processes exist
7. Transparency in information and internal management practice
8. Understand the human resources requirements
9. Have a clear level of escalation and notification of a breach, ensuring that you
are in the loop if an internal breach occurs with the cloud provider (with your
data or another customer’s)

• Some important products can significantly contribute to security
— Identity management
— Detection and forensics
— Data encryption
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Figure 5-17. Reducing cloud security breaches WS009 / VS0091.0 


Notes: 


The slide offers some tangible steps that can be taken to reduce cloud security breaches. As
with most security, a solid solution includes technical aspects, such as authorization and
authentication, and also process.


If the cloud provider is responsible for security, and that has been backed up with a strong 
contract, then the customer’s main technical focus is security from the user into the cloud. 
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Identity management 


• Identity management is a broad administrative area that deals with
identifying individuals in a system and controlling access to the
resources in that system by placing restrictions on the established
identities of the individuals

• Identity management is particularly important in a cloud environment
since the cloud is sharing and virtualizing physical resources across
many internal (and often external) users
— Controlled access to different services is critical

• Identity management helps prevent security breaches and assists
companies in meeting IT security compliance regulations
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Figure 5-19. Identity management WS009 / VS0091.0 


Notes: 
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Benefits of identity management 


• Improved user productivity — productivity improvement comes from
simplifying the interface

• Improved customer and partner services — customers and partners
benefit from a more streamlined, secure process when accessing
application data

• Reduced help desk costs — help desks normally receive fewer
“password reset” calls when an identity management process is
implemented

• Reduced IT costs — identity management enables automatic
provisioning (providing and revoking user rights)
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Figure 5-20. Benefits of identity management WS009 / VS0091.0 
Notes: 
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Aspects of identity management 


• Centrally locate the data — establishing a common database or
directory is generally the first step to gaining control of identity data

• Integrating — identity management systems must effectively integrate
with other systems

• Strengthen authentication — requiring stronger authentication
measures, such as fingerprints, handprints, iris verification, identity
tokens, and stronger password parameters

• Provisioning — when systems are linked to an identity system,
provisioning can be automated, such as revoking or granting employee
access rights

• Single sign-on — all systems communicate with the identity
management system, allowing the user to sign on once in an
organization

• Security administration — administration is reduced due to automation

• Analyzing data — centralized data can produce reports more easily
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Figure 5-21. Aspects of identity management WS009 / VS0091.0 


Notes: 


This section covers the various aspects of identity management as related to information 
technology. 
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Detection and forensics 


• Activity logs — log files provide information but are costly in space

• Host-based intrusion protection systems (HIPS) and network-based
intrusion protection systems (NIPS)
— System and log-file monitors — software looks for traces of hackers in log files
— Network intrusion-detection systems (NIDS) — software programs that monitor
data packets as they travel through the network
— Digital deception software — software that deliberately misleads anyone who is
attempting to attack the IT network
— White-listing software — software that inventories valid executable programs
running on a computer and prevents other executables from running
— Unified threat management — analyzing combined information for threats

• Fooling attackers by spoofing
— Spoofing — pretending to be something else, such as IP address, email
accounts
— Honey pot — system that pretends to be something else (something of value)
that tricks attackers into revealing details about where they are attacking from

• Data audit — logging who looks at the data (Sarbanes-Oxley, SOX)
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Figure 5-22. Detection and forensics WS009 / VS0091.0 


Notes: 


All access to cloud resources should be recorded, for both legitimate and illegitimate cloud 
users, leaving evidence of the resource utilization. The goal of detection and forensics is to 
capture a record of all situations. This allows organizations to maintain a record of what 
happened, giving the organization the information it needs to close the gap while providing 
a record of what actually happened. 
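A log-file monitor and data audit of the kind listed on the slide, as an added example that is not part of the course material: it flags a source address with repeated failed logins inside a time window and records who read which resource. The log format, field names, threshold and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the course). Addresses come from the
# documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOG = """\
2010-06-01T09:00:01Z src=192.0.2.10 user=alice action=login result=ok
2010-06-01T09:00:05Z src=198.51.100.7 user=admin action=login result=fail
2010-06-01T09:00:09Z src=198.51.100.7 user=admin action=login result=fail
2010-06-01T09:00:12Z src=192.0.2.10 user=alice action=read resource=/finance/q2.xls result=ok
2010-06-01T09:00:20Z src=198.51.100.7 user=root action=login result=fail
2010-06-01T09:03:00Z src=192.0.2.44 user=bob action=login result=fail
2010-06-01T09:10:00Z src=192.0.2.44 user=bob action=login result=fail
corrupted line without a timestamp
2010-06-01T09:10:30Z src=192.0.2.44 user=bob action=login result=ok
2010-06-01T09:11:00Z src=192.0.2.44 user=bob action=read resource=/hr/payroll.db result=ok
"""

REQUIRED_FIELDS = {"src", "user", "action", "result"}


def parse_line(line):
    """Return a dict for a well-formed record, or None if the line is unusable."""
    parts = line.split()
    if not parts:
        return None
    try:
        timestamp = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not REQUIRED_FIELDS.issubset(fields):
        return None
    fields["ts"] = timestamp
    return fields


def analyze(log_text, threshold=3, window=timedelta(seconds=60)):
    """Scan a time-ordered log and return (alerts, audit_trail, rejected_lines)."""
    failures = defaultdict(deque)  # src -> recent (timestamp, user) failed logins
    alerts, audit_trail, rejected = [], [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            # Unparseable lines are counted, not silently dropped: a gap in
            # the record is itself something an investigator needs to know.
            rejected += 1
            continue
        if event["action"] == "login" and event["result"] == "fail":
            recent = failures[event["src"]]
            recent.append((event["ts"], event["user"]))
            # Forget failures that have aged out of the sliding window.
            while event["ts"] - recent[0][0] > window:
                recent.popleft()
            if len(recent) == threshold:
                alerts.append({
                    "src": event["src"],
                    "first_seen": recent[0][0].isoformat(),
                    "last_seen": event["ts"].isoformat(),
                    "users": sorted({user for _, user in recent}),
                })
        elif event["action"] == "read" and event["result"] == "ok":
            # Data audit: who looked at which resource, and when.
            audit_trail.append((event["ts"].isoformat(), event["user"],
                                event.get("resource", "unknown")))
    return alerts, audit_trail, rejected


if __name__ == "__main__":
    found_alerts, trail, bad = analyze(SAMPLE_LOG)
    for alert in found_alerts:
        print("ALERT", alert)
    for entry in trail:
        print("AUDIT", entry)
    print("rejected lines:", bad)
```
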
Encryption techniques 

Figure 5-23. Encryption techniques 

Encrypting data 

• Encryption is a critical component of cloud computing; it is used to 
ensure that data moves from point A to point B without being altered or 
intercepted 

• The journey from point A to point B may include: 
— Within the cloud environment (internal to the cloud) 
— The Internet between a corporation (cloud user) and the cloud provider 
— Between multiple clouds (external to the cloud) 

• Encrypting methods 
— Symmetric keys 
— Asymmetric keys 
— Digital signatures 

• Secure Sockets Layer (SSL) addressing cloud client connection issues 
— SSL overview 
— SSL handshake 

Figure 5-24. Encrypting data WS009 / VS0091.0 
Symmetric key encryption 

• Symmetric or secret key technology is a model in which two parties 
have a shared secret 

• The same key is used for both encryption and decryption 

[Diagram labels: plain, unencrypted (clear text); encrypted (cipher text)] 

Figure 5-25. Symmetric key encryption WS009 / VS0091.0 


Notes: 


It is important that, once a key is established between the two parties, it is kept private. 
Symmetric encryption works relatively fast. 
Asymmetric key encryption 

Public key cryptography 

• Two keys that are cryptographically related: 
— Public key (can share with everyone) 
— Private key (must never be shared; possession is proof) 

• Keys are asymmetric: 
— Given message is encrypted with one key and decrypted with another 
— Symmetric, secret key technology uses same key for encrypt and decrypt 

[Diagram labels: Public, Private; unencrypted, encrypted, unencrypted] 

Figure 5-26. Asymmetric key encryption WS009 / VS0091.0 
Notes: 


Asymmetric algorithms use a pair of keys. One is used for encryption and the other one for 
decryption. The decryption key is kept private, so it is called a “private key” or “secret key”; 
while the encryption key is distributed, hence it is called a “public key”. Anyone who has the 
public key is able to send encrypted messages to the owner of the secret key. The secret 
key cannot be reconstructed from the public key. 


Asymmetric algorithms seem to be ideally suited for real-world use; the secret key does not 
have to be shared, so the risk of it being discovered is much smaller. Each user only needs 
to keep one secret key private and maintain a collection of public keys that can be shared 
as necessary. 


However, asymmetric algorithms are much slower than symmetric ones. Therefore, in 
many applications, a combination of both is being used. The asymmetric keys are used for 
authentication and after this has been successfully established, one or more symmetric 
keys are generated and exchanged using asymmetric encryption. 
his plain text is created using the cloud user’s private 
Figure 5-27. Digital signature WS009 / VS0091.0 
Notes: 


The cloud user creates a message, and it is encrypted into cipher text. The cipher text is 
then hashed to create the message digest. The message digest is then encrypted using the 
cloud user’s private key; this creates the digital signature. The message is then sent to the 
cloud provider. The cloud provider receives the message, and two processes are run 
against the message: 


1. The signed hash is decrypted using the cloud user’s public key; this creates a message 
digest (hash number). 


2. The message text is also hashed using the cryptographic hash algorithm; this produces 
another message digest (hash number). 


If these two hash numbers are equal, then the message has not been tampered with. 
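The sign-and-verify flow described above, as an added example that is not part of the course material: it uses textbook RSA over a SHA-256 digest with constructed keys built from Mersenne primes, so it runs with the Python standard library alone. The keys, function names and sample message are assumptions for illustration; production systems use a padded signature scheme from a vetted library and randomly generated keys.

```python
import hashlib

PUBLIC_EXPONENT = 65537


def make_keypair(p, q):
    """Build a textbook RSA key pair from two primes (demo only)."""
    n = p * q
    d = pow(PUBLIC_EXPONENT, -1, (p - 1) * (q - 1))  # private exponent
    return (n, PUBLIC_EXPONENT), (n, d)


# Constructed demo keys. Mersenne primes are fixed and well known, which makes
# the example reproducible offline and makes these keys unfit for real use.
USER_PUBLIC, USER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**521 - 1, 2**1279 - 1)


def message_digest(message: bytes) -> int:
    """Hash the message and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side: transform the message digest with the private key."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: the two processes from the notes, then the comparison."""
    n, e = public_key
    recovered = pow(signature, e, n)      # 1. signed hash -> digest, via public key
    recomputed = message_digest(message)  # 2. hash the received message again
    return recovered == recomputed        # equal digests: message not tampered with


def demo():
    """Run the genuine case and three failure cases; return the verdicts."""
    message = b"provision 2 instances for account 1001"  # constructed sample
    signature = sign(message, USER_PRIVATE)
    return {
        # Untouched message and signature verify.
        "genuine": verify(message, signature, USER_PUBLIC),
        # One changed character in transit changes the recomputed digest.
        "tampered_message": verify(
            b"provision 9 instances for account 1001", signature, USER_PUBLIC),
        # A single flipped bit in the signature changes the recovered digest.
        "tampered_signature": verify(message, signature ^ 1, USER_PUBLIC),
        # A signature made with someone else's private key does not verify
        # against the cloud user's public key.
        "wrong_signer": verify(
            message, sign(message, OTHER_PRIVATE), USER_PUBLIC),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
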
What is SSL? 

• SSL stands for Secure Sockets Layer 

• Provides connection security through: 
— Communication privacy — the data on the connection can be encrypted 
— Communication integrity — the protocol includes a built-in integrity check 
— Authentication — the client knows who the server is 

• Creates a VPN 

[Diagram labels: client browser, web server] 

Figure 5-28. What is SSL? WS009 / VS0091.0 


Notes: 


SSL (Secure Sockets Layer) is the standard security technology for establishing an 
encrypted link between a web server and a browser. This link ensures that all data passed 
between the web server and browsers remains private and integral. SSL is an industry 
standard and is used by millions of websites in the protection of their online transactions 
with their customers. 
Solving the security problems 

• Solve the following security problems: 
— Tampering 
— Impersonation 
— Eavesdropping 

• Using the following processes: 
— Symmetric and asymmetric keys 
— Encryption techniques 
— Digital signatures 
— Digital certificates 

• These processes are combined together in a protocol called the 
Secure Sockets Layer 

Figure 5-29. Solving the security problems WS009 / VS0091.0 

SSL provides 

• Message privacy 
— Using asymmetric and symmetric key encryption 
— Uses a handshake when initiating contact (the handshake establishes a session 
key and encryption algorithm, between both parties, prior to any messages being 
sent) 

• Message integrity 
— By using the combination of shared secret key and cryptographic hash functions 
— This ensures that the content of any messages does not change 

• Mutual authentication 
— Server always authenticates to client 
— Client optionally authenticates to server 
— This happens during the handshake 

Figure 5-30. SSL provides WS009 / VS0091.0 


Unit summary 

Having completed this unit, you should be able to: 

• Review the integration of security into the cloud reference model 
• Describe security considerations in cloud computing, including cloud 
security risks and cloud security breaches 
• Identify security options available in cloud computing 
• Formulate identity management techniques, including detection and 
forensics and encryption 
• Identify the top security threats to cloud computing 

Figure 5-31. Unit summary WS009 / VS0091.0 
Checkpoint 

1. True or False: The lower down the Cloud Reference Model stack the 
consumer moves, the more security the consumer is responsible for 
providing and managing. 

2. Which of the following terms is not an aspect of identity management? 

A. Centrally locate the data 
B. Integrating 
C. Strengthen authentication 
D. Provisioning 
E. Single sign-on 
F. Security administration 
G. Analyzing data 
H. Two-phased commit 

3. Match the following: 

A doorway into cloud services                A. Internal security breaches 
Internal security violations                 B. User account and service hijacking 
Leveraging shared technologies               C. Data corruption or loss 
Lost or corruption of data                   D. Nonstandard and vulnerable APIs 
Attacker gains access to a cloud             E. Virtualization and multitenancy 
user's credentials 

Figure 5-32. Checkpoint WS009 / VS0091.0 


Notes: 


Write your answers here: 
1. 
Checkpoint answers 

1. True or False: The lower down the Cloud Reference Model stack the consumer 
moves, the more security the consumer is responsible for providing and 
managing. 

2. Which of the following terms is not an aspect of identity management? 

A. Centrally locate the data 
B. Integrating 
C. Strengthen authentication 
D. Provisioning 
E. Single sign-on 
F. Security administration 
G. Analyzing data 
H. Two-phased commit is a database term 

3. Match the following: 

A doorway into cloud services                Nonstandard and vulnerable APIs 
Internal security violations                 Internal security breaches 
Leveraging shared technologies               Virtualization and multitenancy 
Lost or corruption of data                   Data corruption or loss 
Attacker gains access to a cloud             User account and service hijacking 
user's credentials 
Checkpoint (optional) 

1. What is the name of systems that pretend to be something else 
(something of value) that tricks attackers into revealing details on 
where they are attacking from? 

Figure 5-34. Checkpoint (optional) 
Notes: 
Write your answer here: 

1. 

Checkpoint (optional) answer 

1. What is the name of systems that pretend to be something else 
(something of value) that tricks attackers into revealing details on 
where they are attacking from? 

Answer: Honey Pot is the name of systems that pretend to be 
something else (something of value) that tricks attackers into 
revealing details on where they are attacking from. 

Figure 5-35. Checkpoint (optional) answer WS009 / VS0091.0 
Unit 6. IBM cloud computing architecture and offerings 

What this unit is about 

This unit describes the cloud computing offerings and services that 
IBM provides. 

What you should be able to do 

After completing this unit, you should be able to: 

• Position various vendors in the service delivery model of cloud 
computing 
• Provide an example of an IBM cloud architectural configuration 
• Describe the IBM cloud computing offerings and services 
  - Collaboration — LotusLive, BlueWorks 
  - Smart Business Desktop 
  - Smart Business Development and Test 
  - Smart Analytics Cloud 
• Describe IBM tooling options for management and governance — Tivoli 
• Describe the IBM Smart Business Development and Test cloud — Jazz for Rational 
• Describe cloud computing using IBM WebSphere 

How you will check your progress 

• Checkpoint 
• Demonstration 
Unit objectives 

After completing this unit, you should be able to: 

• Position various vendors in the service delivery model of cloud 
computing 
• Provide an example of an IBM cloud architectural configuration 
• Describe the IBM cloud computing offerings and services 
— Collaboration — LotusLive, BlueWorks 
— Smart Business Desktop 
— Smart Business Development and Test 
— Smart Analytics Cloud 
• Describe IBM tooling options for management and governance — Tivoli 
• Describe the IBM Smart Business Development and Test cloud — Jazz for Rational 
• Describe cloud computing using IBM WebSphere 

Figure 6-1. Unit objectives WS009 / VS0091.0 

Topics 

• Cloud services and vendor positioning 
• Cloud computing for a test environment 
• IBM cloud architecture and TSAM 
• Development and test on the IBM cloud 

Figure 6-2. Topics WS009 / VS0091.0 

6.1. Cloud services and vendor positioning 

Figure 6-3. Cloud services and vendor positioning WS009 / VS0091.0 

IT services that can be standardized for cloud 

• Web-based applications 
• Collaboration tools 
— Email and instant messaging 
• Development and test environments 
— Desktop and user 
• High-performance computing 
— File and image storage 
— CPU-intensive research and development applications that may require high 
availability and failover 
— Payment processing and expense management 

Figure 6-4. IT Services that can be standardized for cloud WS009 / VS0091.0 
Cloud service layers and vendor positioning 

Software as a service (SaaS): Applications 
• Business processes 
• CRM, ERP 
• Collaboration 
• Industry applications 
• Analytics 
Vendors: Salesforce.com, Oracle CRM on Demand, Taleo, Google, NetSuite, ADP 

Platform as a service (PaaS): Platforms 
• Middleware 
• Java runtime 
• Database 
• Messaging 
• Web 2.0 runtime 
• BPM 
• Development tooling 
Vendors: Force.com, Microsoft, Google, Cisco 

Infrastructure as a service (IaaS) 
• Servers 
• Networking 
• Data center fabric 
• Shared virtualized, dynamic provisioning 
Vendors: Amazon, Dell, Cisco 

Figure 6-5. Cloud service layers and vendor positioning WS009 / VS0091.0 


Notes: 


The functions and services offered by cloud computing start with the needs of the user. In 
the case of the IBM Smart Business Development and Test Cloud and most other 
commercial cloud offerings, the user makes a request for services and resources through a 
self-service portal. Cloud applications then search for resources to match the request using 
a portfolio of cloud services. Access is provided back to the consumer through the portal. 


Applications: Business process services are focused on providing existing business 
processes through a cloud. If there is an existing process with steps that are known, it can 
be provided as a service within the catalog. This allows the service provider to automate 
any steps within the process while leaving the changes transparent to the customer. 


Platforms: Software platform services allow consumers to select a specific software 
instance that they want created, without the need to be aware of where and how it will be 
hosted. Key components of software platform services include tools and services for 
developers, dynamic software usage and accounting, and optimized middleware: 
application servers, database servers, and portal servers. 
Infrastructure: Infrastructure services allow for the provisioning of standardized compute 
resources. They allow a consumer to request and receive a new computer instance without 
needing to focus on IT concerns such as network placement and hardware availability. 

Figure 6-6. IBM cloud services WS009 / VS0091.0 

Notes: 

IBM provides technologies to plan, build, deliver, and manage cloud services. In addition, 
IBM provides enabling services: experience and expertise to help clients plan, build, and 
deliver cloud services. 

Here is a list of IBM cloud-based offerings. Each one is described briefly on the following 
slides: 

• Analytics services: 
  - IBM Cognos 8 Business Intelligence 
  - IBM Smart Analytics Cloud for System z 
• Shared middleware services: 
  - IBM WebSphere Application Server Hypervisor Edition 
  - IBM WebSphere Cloudburst Appliance 
• Infrastructure services: 
  - IBM Information Archive 
  - IBM Smart Business Storage Cloud 
  - IBM Smart Business Desktop 
  - IBM CloudBurst 
  - IBM Smart Business for SMB 
  - IBM Smart Business Development and Test Cloud 
  - IBM Smart Business Development and Test on the IBM Cloud 
• Service management: 
  - IBM Service Delivery Manager 
  - Rational Quality Manager 
• Security: 
  - IBM Rational AppScan family of products 
  - IBM Security Server Protection 
  - IBM Security Network Intrusion Prevention System 
  - IBM Managed Security Services 
• Business planning and life cycle management: 
  - IBM Rational System Architect 
  - IBM Rational Requirements Composer 
  - IBM Rational Software Delivery Services, Rational Asset Manager 
Analytics services 

• IBM Cognos 8 Business Intelligence 
— SOA-based; draws on data from all enterprise sources 
— Allows you to use reports, analysis, dashboards, and scorecards to monitor 
business performance, analyze trends, and measure results 

• IBM Smart Analytics Cloud for System z 
— Provides business intelligence services powered by a cloud deployment 

[Screenshot: Cognos reporting software] 

Figure 6-7. Analytics services WS009 / VS0091.0 


Notes: 


IBM Cognos 8 Business Intelligence delivers the complete range of BI capabilities: 
reporting, analysis, dashboarding and scorecards on a single, service-oriented architecture 
(SOA). Author, share and use reports that draw on data across all enterprise sources for 
better business decisions. 


For more information, see: 
http://www.ibm.com/software/data/cognos/products/cognos-8-business-intelligence/ 


IBM Smart Analytics Cloud focuses on transforming traditional business intelligence and 
analytic environments into a self service knowledge dissemination solution for the 
enterprise. The Smart Analytics Cloud creates a standard private cloud business 
intelligence solution at the customer site built on mainframe capability. This solution is 
designed to provide customers with business intelligence services that are powered by a 
cloud deployment for greater efficiency with less cost and resources to reach a broader 
audience. 


See: http://www.ibm.com/systems/z/solutions/cloud/smart.html 
LotusLive 

• Provides cloud-based collaboration solutions and social networking 
services for business 
— Email 
— Online meetings 
— Social networking 
— Instant messaging 
— File sharing, and so on 

http://www.lotuslive.com/ 

Figure 6-8. Lotus Live WS009 / VS0091.0 


Notes: 


LotusLive is a collection of integrated, online collaboration solutions and social networking 
services for your business. 


You can meet online, share files, chat, manage projects, and network with potential clients, 
anywhere, anytime. Whether you work remotely, manage remote teams, or just need one 
simple place to bring colleagues together, LotusLive delivers collaboration solutions, all in a 
securely designed environment. 


LotusLive provides the following types of solutions: 
• Reliable email options in a secure hosted environment 
• Online meetings with anyone, anywhere, anytime 
• Tools for business social networking 
• Online services to bring your team together online 
• Smart solutions for online collaboration, such as file sharing 

See http://www.lotuslive.com/ for more information. 

Other collaboration tools 

• BPM BlueWorks: 
— Allows you to create a space to collaborate with your team and map your 
business vision 
— Create a free account and invite others to your design space, or register with an 
existing one 

• BPM Blueprint 
— A cloud-based process discovery and documentation platform accessible from 
any browser 
— Allows users to outline, document, diagram, analyze, and share process details 

[Screenshot: BPM BlueWorks home page at https://apps.lotuslive.com/bpmblueworks/] 

Figure 6-9. Other collaboration tools WS009 / VS0091.0 


Notes: 

BPM BlueWorks: 
• Allows you to create a space to collaborate with your team and map your business 
vision 
• Create a free account and invite others to your design space, or register with an existing 
one 
• Provides industry content submitted by other members of the BPM BlueWorks 
community 
• Allows you to share your business design content with the BPM BlueWorks community 
• Provides best practices, exchange tips 
• Allows you to connect with other BPM practitioners through the BPM BlueWorks blog 
and community forum 

BPM Blueprint: 
• A cloud-based process discovery and documentation platform accessible from any 
browser 
• Allows users to outline, document, diagram, analyze, and share process details 

For more information, see: 
• https://apps.lotuslive.com/bpmblueworks/ 
• http://www.ibm.com/software/integration/bpm-blueprint/ 


Shared middleware services 

• IBM WebSphere Application Server Hypervisor Edition 
— Provides an innovative, performance based foundation to build, reuse, run, 
integrate and manage SOA applications and services within virtualized 
environments 

• IBM WebSphere Cloudburst Appliance 
— A hardware appliance that provides access to software virtual images and 
patterns that can be used as is or easily customized, and then securely 
deployed, managed, and maintained in a private cloud 
— Works seamlessly with IBM WebSphere Application Server Hypervisor Edition 

[Image: IBM WebSphere Cloudburst Appliance] 

Figure 6-10. Shared middleware services WS009 / VS0091.0 


Notes: 

For more information see: 
• http://www.ibm.com/software/webservers/appserv/hypervisor/ 
• http://www.ibm.com/software/tivoli/products/cloudburst/ 

These products will be described in the next unit. 


Security 

• IBM Rational AppScan family of products: 
— Automates web application security testing by scanning applications, identifying 
vulnerabilities, and generating reports with intelligent fix recommendations to ease 
remediation 
— Multiple editions available 

• IBM Security Server Protection 
— Offers multilayered protection against known and unknown threats and supports a 
broad range of operating systems 
— Protects servers from attack and manages compliance with monitoring, recording, 
auditing 

• IBM Security Network Intrusion Prevention System (formerly IBM Proventia 
Network Intrusion Prevention System): 
— Network security platform that delivers IBM Virtual Patch technology, client-side 
application protection, advanced IPS, data security, and protection for web applications 

• IBM Managed Security Services, cloud security services 
— Provides expertise, tools, and infrastructure needed to 
secure information assets from Internet attacks 24-7-365 
— Express managed email and web security 
— Security event and log management service 
— Vulnerability management service 

Figure 6-11. Security WS009 / VS0091.0 


Notes: 


The IBM Rational AppScan family of products includes: 

• AppScan Build Edition: embeds web application security testing into the build 
management workflow. 

• AppScan Enterprise Edition: provides web application vulnerability testing and 
reporting solution used to scale security testing. 

• AppScan Express Edition: provides affordable web application security for smaller 
organizations. 

• AppScan OnDemand: identifies and prioritizes web application security vulnerabilities 
via the SaaS model. 

• AppScan OnDemand Production Site Monitoring: monitors production web content 
and sites for security vulnerabilities via the SaaS model. 

• AppScan Reporting Console: provides centralized reporting on web application 
vulnerability data. 

• AppScan Source Edition: prevents data breaches by locating security flaws in the 
source code. 

• AppScan Standard Edition: automates web application security testing for IT security, 
auditors, and penetration testers. 

• AppScan Tester Edition: integrates web application security testing into the QA 
environment. 

• IBM Security Server Protection (formerly IBM Proventia Server Protection) offers 
multilayered protection against known and unknown threats and supports a broad 
range of operating systems. It helps provide host protection against data breaches and 
offers tracking and reporting to ease meeting regulatory compliance. 

• IBM Security Network Intrusion Prevention System (formerly IBM Proventia 
Network Intrusion Prevention System) is a network security platform that delivers IBM 
Virtual Patch technology, client side application protection, advanced IPS, data security, 
and protection for web applications. It includes: 

  - IBM Web Application Security: protects web applications with IBM Proventia Web 
    Security for the same security of a stand-alone web application firewall 

  - IBM Security Content Analysis technology: safeguards critical data 
IBM Smart Business Development and Test Cloud 

• Implementation of a private cloud for a test and development 
environment 

• Includes: 
— Self-service catalog portal to request resources 
— Cloud management platform with service request management, automated 
provisioning, and change and configuration management 
— Enhanced Web 2.0-based GUI 
— Image management 
— Usage metering and accounting with ITUAM 
— Preconfigured software images for Rational Team Concert, Rational Asset 
Manager, Rational Quality Manager, BuildForge 

• Supports VMware, KVM, and PowerVM environments 

Figure 6-12. IBM Smart Business Development and Test Cloud WS009 / VS0091.0 


Notes: 


Provides design and implementation of a private cloud for a test and development 
environment, which includes: 

• Self-service catalog portal to request resources 
• Cloud management platform with service request management, automated 
provisioning, and change and configuration management 
• Enhanced Web 2.0-based GUI 
• Image management 
• Usage metering and accounting with ITUAM 
• Preconfigured software images for Rational Team Concert, Rational Asset Manager, 
Rational Quality Manager, BuildForge 

Supports VMware, KVM, and PowerVM environments. 
6.2. Cloud computing for a test environment 

Figure 6-13. Cloud computing for a test environment WS009 / VS0091.0 

Using cloud computing for a test environment 

• The characteristics of cloud computing are a natural fit for enhancing your 
test environment. 

[Diagram label: Service offering manager] 

Figure 6-14. Using cloud computing for a test environment WS009 / VS0091.0 


Notes: 


This diagram illustrates an example cloud deployment and management process. When 
done manually, these steps can take a significant amount of time. A cloud environment 
dramatically reduces this complexity by implementing automation, business workflows, and 
resource abstraction that allows a user to browse a catalog of IT services and submit the 
order. 


1. A service designer may define service offerings. In a cloud environment, predefined 
templates can be used. 


2. Services are released to users in the form of a service catalog. In a cloud environment, 
this service catalog may be available through a user portal. 


3. A resource request is initiated by a customer. The request may need to be approved by 
a service offering manager. In a cloud environment, this step can be automated or 
implemented by a workflow. 

4. The test resources are reserved or allocated for the customer and provisioned. This 
process can be automated by using a service automation manager, such as TSAM 
(described later). 

5. An application image is created. This process can also be managed by a service 
automation manager. 

6. The developer works with the image. The developer may make changes to the image, 
run tests, and so on. 

7. The image is promoted to production. 

8. Resources are deprovisioned. The administrator returns resources to the pool when 
they are no longer needed. This process can also be automated by using a service 
automation manager. 

9. The developer may initiate the cycle again. A cloud environment leverages reusable 
resources. 
6.3. IBM cloud architecture and TSAM 

Figure 6-15. IBM cloud architecture and TSAM 

Cloud systems view (1 of 2) 

• A cloud is made up of the managing and the managed 
environments 

• The managing environment supports the management of cloud 
services throughout their life cycle 

• The managed environment is managed by the service management 
infrastructure; it includes the physical hardware layer and the virtual 
layer 

• The combination of the managing layer and the managed layer 
ensures that resources in a data center are efficiently managed and 
can be provisioned, deployed, and configured rapidly 

Figure 6-16. Cloud systems view (1 of 2) WS009 / VS0091.0 

Cloud systems view (2 of 2) 

Figure 6-17. Cloud systems view (2 of 2) WS009 / VS0091.0 
Notes: 


Service portals: The service portals provide an easy-to-access, secure method for private 
test cloud service consumers and service providers to configure and request services from 
the cloud. 


Cloud service products: The service products layer includes the private test cloud service 
offerings. 


Cloud managing environment: The managing environment supports the management of 
cloud services throughout their life cycle. The private test cloud management layer acts like 
the brain or control center to efficiently manage the resources in the entire cloud 
environment. The combination of the managing layer and the managed layer ensures that 
resources in a data center are efficiently managed and can be provisioned, deployed, and 
configured rapidly. This environment allows the provisioning process to be shortened by up 
to four weeks. 


Tivoli Change and Configuration Management Database (CCMDB): The Change and 
Configuration Management Database is the store of information related to the components 
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of the information management system. The CCMDB contains the data required to support 
service automation management, typically including the following elements: 


• Service templates 
• Topologies 
• Management plans 
• Reservations 
• Assets and configuration items 


Software library: The software library is a repository that stores authorized versions of 
software packages and images. 


Cloud managed environment: The managed environment is managed by the service 
management infrastructure. The managed environment includes the physical hardware 
layer and the virtual layer. This provides a flexible, adaptive platform to improve resource 
utilization. Virtualization allows a set of underutilized physical servers to be consolidated 
into a smaller number of more fully utilized physical servers. The virtual layer provides the 
abstraction of logical resources away from their underlying physical resources. 
Virtualization technology is not limited to servers; it can also be applied to storage, 
networking, and applications. 
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IBM Tivoli Service Automation Manager (TSAM) 


• Supports a comprehensive deployment and management process for cloud 
environments 

[Diagram: service life cycle. Recoverable labels: service definition, service offering, integration and automation, service instantiation, service operations, service termination] 

• Users can request, deploy, monitor, and manage cloud service environments 
• Templates define service offerings, such as virtualized operating systems and 
application middleware stacks, integrated with workflow processes and 
standardized configurations, and make them available to business operations staff 
members 
— Enables IT to respond quickly to demands for computing resources and application 
middleware deployments 
— Facilitates standardization and automation for deployment and management of cloud 
services 
• Provides traceable processes and approval routings to serve as audit trails, and 
integrates with process governance 
• Can be integrated with other service management capabilities such as: 
— Configuration and change management 
— In-depth monitoring 
— Release management 
— Financial management 
— Service desk functionality 
© Copyright IBM Corporation 2010 
Figure 6-18. IBM Tivoli Service Automation Manager (TSAM) WS009 / VS0091.0 
Notes: 


IBM Tivoli Service Automation Manager (TSAM) supports a comprehensive deployment 
and management process for cloud environments. The diagram provides a high-level view 
of this process. 


Some attributes of IBM Tivoli Service Automation Manager are as follows: 
• Users can request, deploy, monitor, and manage cloud service environments 

• Templates define service offerings, such as virtualized operating systems and 
application middleware stacks, integrated with workflow processes and standardized 
configurations, and make them available to business operations staff members 

• Enables IT to respond quickly to demands for computing resources and application 
middleware deployments 

• Facilitates standardization and automation for deployment and management of cloud 
services 

• Provides traceable processes and approval routings to serve as audit trails, and 
integrates with process governance 
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• Can be integrated with other service management capabilities, such as: configuration 
management, change management, in-depth monitoring, release management, 
financial management and service desk functionality 


In addition, Tivoli Service Automation Manager integrates with the IBM WebSphere 
CloudBurst Appliance to speed the delivery of WebSphere-based cloud services by 
providing the ability to create projects and add servers based on WebSphere patterns. 
Tivoli Service Automation Manager is also included with IBM CloudBurst to help provide an 
easy-to-deploy private cloud package and provide consistent administration across your 
cloud environment. 
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Figure 6-19. Service request flow with TSAM WS009 / VS0091.0 


Notes: 


The service automation manager, such as TSAM, is an integral component of the operation 
supporting system (OSS) layer. This diagram illustrates how a request is handled through 
the request life cycle by a service automation manager. 


1. User requests or reserves a resource. 


2. TSAM allocates it from the resource pool. 

3. TSAM retrieves and configures a VM image from the image library. 

4. TSAM provisions the image. 

5. TSAM retrieves application and middleware configurations from the asset library. 

6. TSAM configures and deploys the software onto the image. 
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TSAM overview screen of key metrics and tasks for the cloud 
administrator 


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Figure 6-20. TSAM overview screen of key metrics and tasks for the cloud administrator WS009 / VS0091.0 


Notes: 


Tivoli Service Automation Manager provides robust functionality for selecting and 
provisioning standard software packages on virtual servers. A simple, easy-to-use set of 
applications enables data center personnel to achieve rapid time-to-value for virtual-server 
provisioning from these platforms. The off-the-shelf configuration that is provided for these 
applications supports fully automated provisioning with a standardized set of deployment 
activities. 


The self-service environment is supported by the self-service user interface. The 
Self-Service Virtual Server Management functionality addresses a long-standing need by 
data centers to efficiently manage the self-service deployment of virtual servers and 
associated software. Using a set of simple, point-and-click tools, a user can select a 
software stack and have the software automatically installed or uninstalled in a virtual host 
that is automatically provisioned. 


The screen shown here shows some of the features available for Self-Service Virtual 
Server Management. From the Self-Service Virtual Server Management interface, you can 
perform the following types of tasks: 
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• Log in to the self-service user interface, which provides direct access to the offerings. 

• Work with a set of built-in approval workflows and notifications that are invoked after 
self-service provisioning requests are created. 

• Create a virtual server project with one or more virtual servers. Each server receives an 
automatically assigned host name. 

• Create a new project and use the saved server images to provision a server in that 
project. This functionality is only available for VMware, System p LPAR, and KVM. 

• Cancel a virtual server project. When you cancel a project, all of the servers that have 
been provisioned within that project are deprovisioned. The host names that were 
automatically assigned to these servers are freed up for use by other virtual servers that 
are created in the data center. Any image saved for a server that participated in the 
project is deleted. 

• Add new servers to a project or modify the reservation date. 

• Modify the state of a server, its resources, or reset the password for a server. 

• Create and remove snapshot-like server images, and restore the servers using these 
images. This functionality is not implemented for the Xen and z/VM hypervisors. 

• Manage the Tivoli Provisioning Manager Image Library — this is the source for software 
images to be used in provisioning the virtual servers. Once the image templates 
discovery has been performed in Tivoli Provisioning Manager by the system 
administrator, the images need to be registered in the Image Library, so that they can 
be used for provisioning. Use these tasks to learn how to register or unregister server 
images. 

• Manage users and groups of users. 

• View general details about a project and its servers. 

• View the list of all servers and manage them. 

• View the full list of requests and their statuses. 

• View the details of a request and work with communication logs. 

• View the details of the requests awaiting approval and approve or reject them. 


These tools integrate with IBM Tivoli Service Request Manager to provide a self-service 
portal for reserving, provisioning, recycling, and modifying virtual servers, and working with 
server images, in the following platform environments in a virtualized non-production lab 
(VNPL): 


• VMware on System x (also used in the IBM CloudBurst and WebSphere CloudBurst 
Appliance products) 

• Xen on System x 
• KVM on System x 
• LPARs on System p 
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• z/VM guests on System z 
• WebSphere CloudBurst Appliance 


Capabilities support baseline reporting, management, and control. 
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A spectrum of deployment options 


[Figure: a spectrum of deployment options running from private through shared private to public. At the private end the cloud is implemented on client premises, and the client runs and manages it, owns the infrastructure, and has exclusive access. Toward the public end IBM owns and operates the infrastructure, which is multitenant with shared resources, elastic scaling, pay-as-you-go or subscription-based pricing, and VPN or public Internet access; the client has shared access and pays by usage. Other labels on the figure: IBM hosted, mission critical, packaged applications, standardization, centralization, security, internal network, mix of shared and dedicated resources.] 
Figure 6-21. A spectrum of deployment options WS009 / VS0091.0 


Notes: 


These deployment options determine who owns and manages the cloud. The IBM Smart 
Business Development and Test on the IBM cloud model is an example of a public cloud, 
where customers can use IBM-owned and operated resources on a pay-as-you-go plan. 
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6.4. Development and test on the IBM cloud 
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Development and test on 
the IBM cloud 




Figure 6-22. Development and Test on the IBM cloud 


Notes: 
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IBM Smart Business Development and Test on the IBM cloud 


• A dynamic virtual development and test infrastructure service, 
designed for the enterprise, on the IBM cloud 
• Provides users with 
— Choice of virtual configurations 
— Option to add persistent storage 
— Preconfigured software images 
• Pay as you go (hourly rates per VM instance) 
• Available support: 
— User forum 
— Premium support 

http://www.ibm.com/services/us/igs/cloud-development/ 

• An instance can be deployed and provisioned quickly in just three 
steps 


Figure 6-23. IBM Smart Business Development and Test on the IBM cloud WS009 / VS0091.0 


Notes: 


The IBM cloud is a dynamic virtual development and test infrastructure environment, 
designed for the enterprise. It provides users with a choice of virtual configurations, the 
option to add persistent storage, and preconfigured software images. You pay as you go 
(hourly rates per VM instance). Free and paid support is available. Access via: 


http://www.ibm.com/services/us/igs/cloud-development/ 


An instance can be deployed and provisioned quickly in just three steps, described on the 
next few slides. 
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[Screen capture: the sign-in page of the IBM Smart Business Development and Test on the IBM Cloud portal, with User ID and Password fields, Register and Forgot password? links, and a Customers Sign in link.] 


Figure 6-24. IBM Smart Business Development and Test Cloud portal: Sign in WS009 / VS0091.0 


Notes: 


After requesting a contract, you receive information on how to log in to the Development & 
Test portal. The URL for the login page is: http://www.ibm.com/cloud/enterprise/ 
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Account administration: Adding a user 


[Screen capture: the Add user form on the Account > Administration page. Fields include Max VMs to Provision, Max Number of Public IP Addresses, Max Number of Private IP Addresses, and Max Number of Storage Blocks, followed by Submit and Cancel buttons. Required fields are indicated with an asterisk (*).] 


Figure 6-25. Account administration: adding a user WS009 / VS0091.0 


Notes: 


You can add users to the account on the Account > Administration page. Select Add a 
user from the Global actions menu and click the right-arrow button. Complete the form 
and click Submit. 
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Creating an instance (1 of 7) 


[Screen capture: the Control panel with Instances, Images, and Storage tabs and no instances created yet. It shows an Add an instance link and three steps. Step 1: click the Add Instances button and select an image. Step 2: view image details and customize to your needs. Step 3: watch your instances provision and start managing.] 


Figure 6-26. Creating an instance (1 of 7) WS009 / VS0091.0 


Notes: 


You can create an instance on the Control Panel > Instances page. Click Add an 
instance to get started. 


After you have created some instances, they are listed here. 
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[Screen capture: Add instance, Step 1 of 4: select image. A Select Data Center drop-down menu (RTP selected) sits above a catalog of images for Red Hat Enterprise Linux 5.4 and SUSE Linux Enterprise Server 11.0, including IBM Lotus Forms Turbo 3.5.1, IBM Lotus Web Content Management 6.1.5, and IBM Lotus Web Content Management SE 6.1.5, offered with bring your own license (BYOL) and pay as you go (PAYG) options.] 
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Figure 6-27. Creating an instance (2 of 7) WS009 / VS0091.0 


Notes: 


A catalog of images displays. You can select the Data Center from the drop-down menu, 
then choose an image, and click Next. 
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Creating an instance (3 of 7) 


Add instance 


Step 2 of 4: configure image 


You selected: IBM WebSphere Application Server V7.0 - PAYG 

IBM WebSphere Application Server Base 7.0.0.9 with feature packs XML 1.0.0.3, Web 2.0 v1.0.0.2, 
SCA v1.0.1.1, CEA v1.0.0.3 for SUSE Linux Enterprise Server 11.0 (32-bit) with pay as you go use 
option 


Complete the fields below to configure your instance selection. Required fields are indicated with an asterisk (*). 

Request Name:* 
Quantity:* 1 
Server Size: Bronze 32 bit 
Expires on:* 
Key:* myKey (Add Key) 
VLAN: Public internet 
Select IP:* system generated (How do I add an IP?) 
Mount Storage: You do not have any storage. If you require storage, select cancel and select the 
Storage tab on the Control panel 
Image ID: 20004750 
Price: $0.727 / UHR 


Figure 6-28. Creating an instance (3 of 7) WS009 / VS0091.0 


Notes: 


Depending on which image you chose in the previous step, the options on the next few 
screens may vary. In this example, the user chose an image with WebSphere Application 
Server Base 7.0.0.9. The form on the right asks you to specify a WebSphere administrator 
user ID and password, and you can choose from a list of feature packs to include. 


Note that in this example, the user specified a security key (highlighted in the screen 
capture). If you have already generated a security key for your instance, you can select it 
from the drop-down menu. Otherwise, you can click the Add key link, and you go to the 
page to generate a new key pair. These steps are shown later in this unit. 
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Creating an instance (4 of 7) 


Add instance 


Step 2b of 4: configuration additional parameters 


Complete the fields below to configure your instance selection. Required fields are indicated with an asterisk (*). 


WebSphere administrator ID:* 
Specify a user ID for executing and administering WebSphere processes on 
the instance. To ensure security, do not specify 'root' or 'idcuser' as 
administrator ID. 


WebSphere administrator password:* 
Specify a password for WebSphere administrator ID. Password must contain 
at least 1 number, at least 1 lower case letter, and at least 1 upper case 
letter. 


Re-enter Password:* 


Select a configuration profile:* 
• Development profile 
• Default single server profile 
Choose development profile if you are developing an application using tools 
such as IBM Rational Application Developer. Choose default single server 
profile for running the application in a production-like setting. 


Select feature packs to enable: 
• CEA feature pack 
• SCA feature pack 
• SCA feature pack with SDO 
• XML feature pack 
• All of the above 
• None 
Specify feature packs to enable in the profile 


Figure 6-29. Creating an instance (4 of 7) WS009 / VS0091.0 


Notes: 
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Creating an instance (5 of 7) 


Add instance 


Step 3 of 4: verify configuration 


Image Name: IBM WebSphere Application Server V7.0 - PAYG 
Image Description: IBM WebSphere Application Server Base 7.0.0.9 with feature packs XML 
v1.0.0.3, Web 2.0 v1.0.0.2, SCA v1.0.1.1, CEA v1.0.0.3 for SUSE Linux 
Enterprise Server 11.0 (32-bit) with pay as you go use option 
Data center: RTP 
Request Name: SuseWAS7Payg1 
Quantity: 1 
Server Size: Bronze 32 bit 
Expires on: 10/17/12 
Key: myKey 
Select IP: system generated 
Mount Storage: none 
VLAN: Public internet 
Price: $0.727 / UHR 
WebSphere administrator ID: wasadmin 
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Figure 6-30. Creating an instance (5 of 7) WS009 / VS0091.0 


Notes: 


After choosing options for the image, you are prompted to verify the configuration details, 
and then you must agree to the service agreement. Upon activation of the instance, usage 
metering begins and your account is charged accordingly. 
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Creating an instance (6 of 7) 


Add instance 


Step 4 of 4: service agreement 


Your access to and use of the Services, including all selected options, are governed by the terms of the 
Agreement that was signed between your Enterprise and IBM for these Services. These Services are also 
governed by one or more Attachments (including Service Description and Image Terms Attachments), which have 
additional terms. Attachments are part of the Agreement between you and IBM and include any announced 
updates to Attachments for these Services you are ordering after the Agreement was initially signed. The 
Agreement and Attachments also reference applicable IBM and third party end user license agreements that 
govern the use of IBM or third party software and operating system software provided as part of an Image. 


You are responsible for complying with the terms of the Agreement (including applicable Attachments and 
applicable license agreements). You may review the terms for the Service by 1) obtaining information regarding 
the Agreement and Attachments from your Account Administrator and 2) accessing the Asset Catalog to review 
specific Image Terms for end user license agreements for IBM and third party software provided as part of an 
Image. 


I agree | I do not agree 


Figure 6-31. Creating an instance (6 of 7) WS009 / VS0091.0 
Notes: 
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Creating an instance (7 of 7) 


SuseWAS7Payg1 (Change name) Expires: 10/17/12 (730 Days) 

OS: SUSE Linux Enterprise Server v11 
IP: 
Size: BRZ32.1/2048/175 
Hostname: 
Image: IBM WebSphere Application Server V7.0 - PAYG 
Storage: Not available 
Created on: 10/18/10 
Running for: 0 Hour 
Status: Requesting 
Originator: Not available 
Price: $0.727 / UHR 
Security Key Pairs: Generate key pair, Instructions 
Instance tags: 

Notifications: Your instance is currently provisioning. Events and notifications display here to let you know the latest status. 


Figure 6-32. Creating an instance (7 of 7) WS009 / VS0091.0 


Notes: 


This screen indicates that the instance is being provisioned. This can take several minutes. 
The status changes when the provisioning is complete. 
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Generating security keys (1 of 2) 


[Screen capture: the Generate new key dialog. It explains that a key pair consists of a public key and a private key, that the private key is provided as a file download when you click Generate Key and must be saved, and that the public key can be retrieved from the table on the Account tab. The dialog has a Name field and a Generate Key button. A browser download dialog asks what to do with the private key file, which is served from https://www-147.ibm.com.] 


Figure 6-33. Generating security keys (1 of 2) WS009 / VS0091.0 


Notes: 


Click the Add key link, during instance creation, to generate a new key pair. You are 
prompted to save the file. Be sure to protect this file. 
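
One way to act on "Be sure to protect this file", as an added example that is not part of the course material: a POSIX shell audit of a downloaded private key file before it is used with `ssh -i`. The function names are hypothetical, and the passphrase check goes slightly beyond the slide; it is a heuristic that reads only the PEM header.

```shell
#!/bin/sh
# Added example, not course material: audit a downloaded private key file
# before using it with "ssh -i". All function names are hypothetical.

# perm_bits PATH: print the octal permission bits, for example 600.
# Tries GNU/BusyBox stat first, then falls back to BSD/macOS stat.
perm_bits() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# has_bits PATH MASK: true when any permission bit in octal MASK is set.
has_bits() {
    [ $(( 0$(perm_bits "$1") & 0$2 )) -ne 0 ]
}

# key_protection PATH: print "encrypted", "plaintext" or "unknown".
# Traditional PEM and PKCS#8 keys show encryption in their header lines.
# The newer OpenSSH format records it inside the base64 body, so it is
# reported as "unknown" here.
key_protection() {
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    elif grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        echo unknown
    elif grep -q 'BEGIN [A-Z ]*PRIVATE KEY' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# audit_key PATH: print findings; return 0 only when nothing must be fixed.
audit_key() {
    key=$1
    failures=0
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing, a symlink, or not a regular file"
        return 2
    fi
    # The private key must be readable by its owner only.
    if has_bits "$key" 77; then
        echo "FAIL: mode $(perm_bits "$key") gives group or other users access to $key"
        failures=$((failures + 1))
    fi
    # A directory that others can write to lets them swap the key file.
    dir=$(dirname "$key")
    if has_bits "$dir" 22; then
        echo "FAIL: $dir is writable by group or other users, so the key can be replaced"
        failures=$((failures + 1))
    fi
    case $(key_protection "$key") in
        plaintext) echo "WARN: $key has no passphrase; 'ssh-keygen -p -f $key' adds one" ;;
        unknown)   echo "INFO: passphrase status of $key cannot be read from its header" ;;
    esac
    [ "$failures" -eq 0 ]
}

# lock_down_key PATH: restrict the key file to read/write by its owner.
lock_down_key() {
    chmod 600 "$1"
}

# Stand-alone use: sh audit_key.sh /path/to/private_key
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```

Run the audit right after saving the key and again before each new workstation or backup location is used; a plaintext key is only a warning because the directory and file mode are what stop other local users from reading it.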
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Generating security keys (2 of 2) 


[Screen capture: the Account > Profile page, showing the user's profile details, account usage counts, a Change password link, a Security Key Pairs table with Change default key, Add key, and Generate new key actions, a View asset catalog link, and Help links to an SSH demo video and the User's Guide.] 
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Figure 6-34. Generating security keys (2 of 2) WS009 / VS0091.0 


Notes: 


From the Account > Profile page, you can view and manage your keys. 
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Instance compute resources 


32-bit VM Copper Bronze 
component 

Virtual CPUs @ 

1.25 GHz 

Virtual 

memory (GB) 

Virtual local 

storage (GB) 


64-bit VM Copper Bronze 

component 

Virtual CPUs 2 2 16 
@ 1.25 GHz 

Virtual 16 16 
memory (GB) 

Virtual local 1024 1024 2048 
storage (GB) 




Figure 6-35. Instance compute resources WS009 / VS0091.0 


Notes: 


Customers can select any of these instance compute resource configurations for either 
32-bit or 64-bit virtual machines. Some instance resource configurations may not be 
available for certain images. 


IBM tracks and meters the per hour usage for instances provisioned. The per hour 
metering for each instance begins when the instance is available for use and ends when 
the instance is deleted. 


Each instance is provisioned and loaded with an image selected from the image asset 
catalog or web portal. 
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Image use options (1 of 2) 


• Pay as you go (PAYG) 
— Per hour usage metering for PAYG images 
• Bring your own license entitlement (BYOL) 
— A BYOL image is only available if the customer has properly acquired (for 
example, Passport Advantage) authorizations to use an IBM software product 
• Pre-release 
— Available for images designated as pre-release in the image asset catalog 
• Developer use only (DUO) 
— DUO images are not part of the standard image enablement, and customers 
must complete and submit an enablement form for DUO to enable DUO 
images 
• Third-party images 
• Customer-provided software 


Figure 6-36. Image use options (1 of 2) WS009 / VS0091.0 
Notes: 
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Image use options (2 of 2) 


• Persistent storage 
— You can order blocks of persistent storage to store content and use with 
— IBM tracks and meters the number and size of storage packages 
provisioned and used, and the number of input and output access requests 

[Table: storage sizes. Small: 256] 

• Internet data transfer 
— IBM provides for inbound and outbound data transfers between the IBM cloud 
and Internet 
— IBM tracks and meters the amount of data transfers, rounded up to the next 
whole GB 
• Reserved IP addresses 
— You can order reserved public IP addresses on the publicly accessible shared 
virtual local area network (VLAN) in the IBM cloud 
— IBM tracks and meters per hour the number of reserved IP addresses used 
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Figure 6-37. Image use options (2 of 2) WS009 / VS0091.0 


Notes: 
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Premium services options 


• Reserved capacity package 
— Reserves instance compute resource capacity for a customer's exclusive use 
• Virtual private network (VPN) 
— You can order a private VLAN connection to the IBM Cloud Center 
• Premium support 
— Extends the base services support provided through the forum 
— Provides foundational support services and optional Linux support services 

[Table: instance compute resource provided for each reserved capacity unit, with rows Virtual CPUs @ 1.25 GHz, Virtual memory (GB), and Virtual storage (GB)] 


Figure 6-38. Premium services options WS009 / VS0091.0 


Notes: 
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Other IBM cloud services 


• Creating private images 
— You can create a snapshot image of an instance, and then save the snapshot 
as a custom image (private image) 
• Security 
— IBM provides security for the IBM Cloud Center infrastructure only 
— Customer is responsible for securing instances once provisioned 
• Online cloud services forum 
— Provides information posted by IBM and customers regarding services and 
support 
— IBM monitors the forum during business hours, US Eastern time 
• Service level agreement 
— Customers may be eligible for a services credit in the event there is a 
degradation of services 


Figure 6-39. Other IBM cloud services 


Notes: 
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Unit summary 


Having completed this unit, you should be able to: 

• Position various vendors in the service delivery model of cloud 
computing 
• Provide an example of an IBM cloud architectural configuration 
• Describe the IBM cloud computing offerings and services 
— Collaboration — LotusLive, BlueWorks 
— Smart Business Desktop 
— Smart Business Development and Test 
— Smart Analytics Cloud 
• Describe IBM tooling options for management and governance — Tivoli 
• Describe the IBM Smart Business Development and Test cloud — Jazz for Rational 
• Describe cloud computing using IBM WebSphere 
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Figure 6-40. Unit summary WS009 / VS0091.0 
Notes: 
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Checkpoint 


1. True or false: Tivoli Service Automation Manager integrates with the 
IBM WebSphere CloudBurst Appliance. 


2. The IBM Smart Business Development and Test on the IBM cloud is 
an example of what type of cloud? 


A. Private 
B. Shared 
C. Public 
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Figure 6-41. Checkpoint WS009 / VS0091.0 


Notes: 
Write your answers here: 
1. 
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Checkpoint answers 


1. True or false: Tivoli Service Automation Manager integrates with the 
IBM WebSphere CloudBurst Appliance. 


2. The IBM Smart Business Development and Test on the IBM cloud is 
an example of what type of cloud? 


A. Private 

B. Shared 

C. Public 

Answer: C 


Figure 6-42. Checkpoint answers WS009 / VS0091.0 
Notes: 
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Checkpoint (optional) 


1. Where do collaboration tools and analytics services fit into the 
cloud? 


2. Where does WebSphere fit into the cloud? 


3. What are some examples of Rational products that may be used in 
a cloud environment? 
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Figure 6-43. Checkpoint (optional) WS009 / VS0091.0 


Notes: 
Write your answers here: 
1. 
Checkpoint (optional) answers

1. Software as a service (SaaS)

2. Platform as a service (PaaS), or shared middleware services

3. Jazz, IBM Rational Team Concert, Rational Quality Manager,
Rational Requirements Composer, Rational Asset Manager,
Rational Insight, and others.

Figure 6-44. Checkpoint (optional) answers WS009 / VS0091.0
Notes: 
Demonstration

Instance creation on the IBM Smart Business Development and Test Cloud

Figure 6-45. Demonstration WS009 / VS0091.0
Notes: 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to create an instance on the IBM Smart Business
  Development and Test Cloud

Figure 6-46. Demonstration objectives WS009 / VS0091.0
Notes: 
Demonstration

Connecting to an instance on the IBM Smart Business Development and Test Cloud

Figure 6-47. Demonstration WS009 / VS0091.0
Notes: 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to connect to an instance on the IBM Smart Business
  Development and Test Cloud

Figure 6-48. Demonstration objectives


Notes: 


© Copyright IBM Corp. 2010
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.

Demonstration

Getting a fixed IP address, storage, and keys on the IBM Smart Business
Development and Test Cloud

Figure 6-49. Demonstration WS009 / VS0091.0


Notes: 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe how to request storage and manage keys

Figure 6-50. Demonstration objectives WS009 / VS0091.0


Notes: 
Unit 7. IBM WebSphere CloudBurst and IBM WebSphere Hypervisor edition

What this unit is about

This unit provides an overview of IBM WebSphere CloudBurst and IBM
WebSphere Hypervisor edition. These two products can be used to
create and provision cloud-based images.

What you should be able to do

After completing this unit, you should be able to:

• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

How you will check your progress

• Checkpoint
• Demonstration exercise
Unit objectives

After completing this unit, you should be able to:

• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

Figure 7-1. Unit objectives WS009 / VS0091.0
What is IBM WebSphere CloudBurst?

1. An appliance from IBM that includes...
   • Hardware with built-in security and trust authority
   • WebSphere Application Server images
   • WebSphere Application Server patterns

2. ...that manages a private cloud...
   • Hypervisors
   • Storage
   • Network

3. ...comprises WebSphere virtual systems...
   • Customize images and patterns
   • Dispense and run in the cloud
   • Lifecycle management and optimization

Figure 7-2. What is IBM WebSphere CloudBurst? WS009 / VS0091.0


Notes: 


IBM WebSphere CloudBurst appliance includes the hardware, the management 
application, and a set of preinstalled and preconfigured WebSphere Application Server 
virtual images and patterns. All access to the appliance is via supported interfaces, using 
the Web 2.0 user interface, the full command-line interface (CLI), or REST 
(representational state transfer) APIs. 


The appliance supports a “bring your own cloud” model in which hypervisors, network 
capabilities, and storage are provided for use by the appliance. The cloud is where the 
deployed WebSphere applications run; they do not run on the appliance. 


IBM WebSphere CloudBurst appliance provides the tooling to customize the IBM-provided 
images and patterns to create a self-service catalog of your WebSphere applications, and 
the capabilities to dispense WebSphere Application Server virtual systems into the private 
cloud. The appliance includes intelligent placement capabilities that enable the WebSphere 
Application Server patterns to be deployed to the cloud in such a way as to ensure efficient 
cloud resource usage and high availability characteristics. Once the patterns are deployed,
the appliance provides management and optimization capabilities, including mechanisms
to apply fixes to the environment.
Provisioning of WebSphere Application Server instances

What problems does IBM WebSphere CloudBurst address?

• Provisioning of IBM WebSphere Application Server instances
• Shorten the development and testing life cycles

[Diagram labels: Development, Test/QA, Production]

Figure 7-3. Provisioning of WebSphere Application Server instances WS009 / VS0091.0


Notes: 


The appliance enhances rapid provisioning of IBM WebSphere Application Server 
instances from predefined patterns into a private cloud. The private cloud may contain 
environments for development, test, QA, and production. You can move development 
images directly to and from test as well as migrate test and QA instances to production. A 
distributed WebSphere production environment can be re-created on a single virtualized 
physical system for test purposes. A WebSphere Application Server test environment can 
be reset efficiently. You can save multiple versions and stages of test images. Development 
and test images can be rolled back using virtual machine snapshots. 
Benefits of an appliance

• Consumability
  — Available immediately after installation
  — Build private clouds after installation

• Security
  — Everything stored is encrypted
  — Three secure interfaces

• Performance
  — Advanced compression techniques
  — Advanced storage techniques

Figure 7-4. Benefits of an appliance WS009 / VS0091.0


Notes: 


The appliance affords a great deal of consumability. After connecting the appliance and 
accepting the initial licenses, the WebSphere CloudBurst Appliance console is immediately 
available. No extra installation steps are necessary, and you can immediately begin to build 
out your private WebSphere clouds. 


The WebSphere CloudBurst Appliance, like an IBM WebSphere DataPower SOA 
Appliance, provides a tamper-resistant casing. In addition, WebSphere CloudBurst 
Appliance applies encryption to SSL certificates, passwords, virtual images, applications, 
and everything else that is stored on it. Users interact with WebSphere CloudBurst using 
one of three interfaces: 


• Web 2.0 user interface
• Full command-line interface (CLI)
• REST APIs


There are no other access points (like a command-line shell), thus decreasing the surface 
area for malicious attacks. 
The WebSphere CloudBurst Appliance serves as a dedicated store for both the shipped
and customized WebSphere Application Server virtual images and patterns. The appliance 
includes advanced compression and storage techniques that enable a significant number 
of these sizeable virtual images to be stored by a user. The appliance also delivers the 
processing power needed to manage these virtual images and enable you to create private 
WebSphere clouds. 
What is WebSphere Application Server Hypervisor Edition?

Multiple disk design (logical disks):

A. WebSphere profile types precreated on disk
B. WebSphere Application Server binary disk
C. IBM HTTP Server binaries disk
D. Base SUSE Linux Enterprise Server installation disk

[Diagram labels: WebSphere Application Server binaries, IBM HTTP Server binaries, SUSE 10.2]

Figure 7-5. What is WebSphere Application Server Hypervisor Edition? WS009 / VS0091.0


Notes: 


WebSphere Application Server Hypervisor Edition is part of the WebSphere Application 
Server family of products. It is included in the appliance. It contains a preinstalled, 
preconfigured, OS-included binary image of the application server from which virtual 
machines can be created and deployed on hypervisors. 


For each release of the WebSphere Application Server Hypervisor Edition V6.1 and V7.0
products, the base image contains the SUSE Linux operating system as well as the IBM HTTP
Server, WebSphere Application Server binaries, and all profiles supported for that specific
release. WebSphere Application Server Hypervisor Edition uses the OVF format, which is an
optimized format to store virtual images.
WebSphere Application Server Hypervisor Edition features

• WebSphere shipped ready to run on hypervisor
• No installation required
  — Just choose a profile and run
• Single virtual image capable of supporting single servers or clusters
• Support for WebSphere Application Server V6.1 and V7
• Support for WebSphere Application Server feature packs
• Maintenance, support, and fixes for both WebSphere Application Server and operating system
• Open Virtualization Format (OVF) standard

[Diagram labels: WebSphere Application Server binaries, IBM HTTP Server binaries, Operating system]

Figure 7-6. WebSphere Application Server Hypervisor Edition features WS009 / VS0091.0


Notes: 


Previously, when IBM customers wanted to use WebSphere Application Server in a 
virtualization context, they were required to build their own images, which involved 
managing two parallel sets of code (operating system and middleware). Now IBM is 
building and supporting the entire virtual image. 




WebSphere CloudBurst console

• Sign on to WebSphere CloudBurst using the administrative console
• Request Application Server Hypervisor editions to be dispensed

Console Welcome page (text from the screen capture):

Welcome to WebSphere CloudBurst!

WebSphere CloudBurst is a hardware appliance that automates and optimizes the deployment of WebSphere Application Server environments.

Deployment made easier

Step 1: Set up the appliance
Customize the appliance settings and create user accounts. You can also create user groups.
Links: Customize settings | Create users

Step 2: Set up the cloud
Create the cloud by identifying IP groups and collections of hypervisors called cloud groups.
Links: Add IP groups | Add cloud groups

Step 3: Create a virtual system
Create a virtual system by deploying a reusable pattern.
Link: Select a pattern to deploy

Step 4: View virtual systems
View the current status, metrics, and details of virtual systems in the cloud.
Link: View virtual systems

Additional tasks

Add virtual images
Provide new virtual images to the catalog by uploading files or extending pre-built images.
Link: Add virtual images

Add script packages
Provide your custom scripts and applications to the catalog.
Link: Add script packages

Create reusable patterns
Create a custom pattern from the items in the catalog.
Link: Create patterns

Use command line tools
Perform administrative and deployment tasks from the command line.
Link: Download now!

Figure 7-7. WebSphere CloudBurst console WS009 / VS0091.0


Notes: 


The user logs onto the WebSphere CloudBurst box, and based on the permissions set for 
that login, is presented with a list of environments, or patterns, as they are called, that can 
be made available in the cloud. These patterns are multiserver arrangements of 
WebSphere Hypervisor Edition. 


Users can create patterns from the WebSphere CloudBurst catalog of WebSphere 
Application Server Hypervisor Edition virtual images that ships with the CloudBurst 
product. 
Dispensing WebSphere Hypervisor edition images

[Diagram label: IBM WebSphere CloudBurst Appliance]

Figure 7-8. Dispensing WebSphere Hypervisor edition images WS009 / VS0091.0


Notes: 


An environment or pattern is selected, and CloudBurst then chooses a set of hypervisors 
(based on utilization) in the cloud to dispense the environment into. WebSphere 
CloudBurst then presents the user with a list of the host names that were chosen, and the 
user can access the patterns that have been deployed as virtual systems running in the 
cloud. 
Catalog

1. Virtual images of WebSphere Application Server Hypervisor Edition
   — V7.0.0.7 profiles
   — V6.1.0.27 profiles

2. User supplied script packages
   • wsadmin or other scripts
   • Java EE applications

3. Emergency fixes

[Diagram labels for the profile images include: Job manager, Admin agent, Single server, Custom, IBM HTTP]

Figure 7-9. Catalog WS009 / VS0091.0


Notes: 


1. Provided with the appliance is a catalog of virtual images of WebSphere Application 
Server Hypervisor Edition V7.0 and V6.1. The catalog of virtual images contains all 
profiles related to those versions of the application server, as shown in the graphic. 


2. In addition, users can supply their own script packages. These script packages can 
contain script package files (wsadmin scripts or other OS executables), along with any 
Java EE applications or other artifacts. The user associates the scripts to a given 
deployment. At deployment time, the script is extracted and the executable specified in 
the package is executed on the virtual machine. Through this mechanism, the user can 
customize the WebSphere Application Server configuration on the virtual machine. 


Examples of custom scripts can include installing a Java EE application, or configuring 
a JDBC connection. 


3. A list of emergency fixes is also included in the catalog. 
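
Because a script package is extracted at deployment time and its named executable runs on the virtual machine, the archive is worth reviewing before it is added to the catalog. The following Python check is an added example, not IBM or CloudBurst code; it assumes the package is a ZIP archive and that the reviewer knows which executable will be named for it, and all function names and sample files are constructed for illustration.

```python
import hashlib
import io
import posixpath
import zipfile


def build_sample_package(entries):
    """Build an in-memory ZIP from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def audit_script_package(zip_bytes, executable):
    """Review a script package archive before it is uploaded.

    Returns (findings, manifest):
      findings - list of problems found; an empty list means the archive passed
      manifest - {entry name: SHA-256 hex digest} to keep with the change record
    """
    findings = []
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            normalized = posixpath.normpath(name.replace("\\", "/"))
            # Reject entries that would be written outside the extraction
            # directory (absolute paths or paths that climb out with "..").
            if (normalized.startswith("/") or normalized == ".."
                    or normalized.startswith("../")):
                findings.append(f"entry escapes extraction directory: {name}")
                continue
            if info.is_dir():
                continue
            # Record a digest of every file that will land on the VM.
            manifest[normalized] = hashlib.sha256(zf.read(info)).hexdigest()
    # The executable named for the package must be one of the reviewed files.
    if posixpath.normpath(executable) not in manifest:
        findings.append(f"declared executable not in archive: {executable}")
    return findings, manifest


if __name__ == "__main__":
    # Constructed sample: a wsadmin wrapper script plus a Java EE application.
    package = build_sample_package({
        "install_app.sh": b"#!/bin/sh\n# constructed sample script\n",
        "apps/sample.ear": b"constructed sample application",
    })
    problems, digests = audit_script_package(package, "install_app.sh")
    for entry, digest in sorted(digests.items()):
        print(f"{digest}  {entry}")
    print("findings:", problems or "none")
```

Keeping the digest manifest with the deployment record lets a later review confirm that the package in the catalog is the one that was approved.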
Patterns

• Pattern is one or more virtual image parts and script packages selected from the
  catalog used to create a deployment topology
• Example illustrates a V7.0 clustered topology

[Diagram: catalog of V7.0.0.7 and V6.1.0.27 profile virtual images and script packages, with a pattern assembled from catalog parts]

Figure 7-10. Patterns WS009 / VS0091.0


Notes: 


Using the catalog of WebSphere Application Server Hypervisor Edition virtual images and
script packages, users can create patterns that can be deployed as virtual systems to the
private cloud. Patterns are like templates that can be used to deploy virtual systems on the
cloud. A pattern can be as simple as a single-server topology, where a single server virtual
image from the catalog for a given version is used to create the pattern.


As shown in this example, the pattern is for a WebSphere Application Server V7.0 network 
deployment cell. From the catalog, a deployment manager, two custom nodes, and IBM 
HTTP Server were added to a pattern. At a later time, the pattern could be deployed as a 
virtual system to the private cloud. Each virtual image in the pattern is deployed as its own 
virtual machine into the private cloud. 
Virtual systems: Deployed patterns

• Virtual systems are patterns that have been deployed to the cloud

[Diagram: Catalog (1. Virtual images of WebSphere Application Server Hypervisor Edition; 2. User supplied script packages) → Virtualize → Pattern (Preloaded, Added, Cloned) → Deploy → Virtual system]

Figure 7-11. Virtual systems: Deployed patterns WS009 / VS0091.0


Notes: 


There are a number of tasks that must be performed before a pattern is deployed as a 
virtual system to the private cloud. The user must first determine which virtual images in the
catalog are suitable for the situation at hand. Next, the user creates script packages. Script
packages customize the deployment of the pattern to the cloud. The virtual image and 
script package combine to make a pattern. Users can work with preloaded patterns, add 
their own, or clone preloaded patterns. Once a pattern is finalized, it is deployed (or 
dispensed) to a hypervisor in the private cloud. A deployed pattern is called a virtual 
system. A virtual system is made up of one to many virtual machines that run on the 
hypervisor. 
Virtual image life cycle

[Diagram: WebSphere Application Server Hypervisor Edition: Develop virtual image → Package virtual image as OVF. WebSphere CloudBurst appliance: Deploy OVF to hypervisor → Manage virtual image → Retire virtual image]

Figure 7-12. Virtual image life cycle WS009 / VS0091.0


Notes: 


WebSphere Application Server Hypervisor Edition and the WebSphere CloudBurst appliance
introduce a new life cycle to consider. Virtual images are developed and packaged using
Hypervisor Edition. Those images are deployed, managed, and retired by the CloudBurst
appliance.
Unit summary

Having completed this unit, you should be able to:

• Describe IBM WebSphere CloudBurst
• Describe the features and capabilities of IBM WebSphere CloudBurst
• Describe the features of IBM WebSphere Hypervisor Edition

Figure 7-13. Unit summary WS009 / VS0091.0


Notes: 
Checkpoint

1. True or false: IBM WebSphere CloudBurst runs WebSphere
Hypervisor edition virtual machines on the appliance.

2. True or false: A distributed WebSphere production environment
can be recreated on a single virtualized physical system for test
purposes.

Figure 7-14. Checkpoint (objective only) WS009 / VS0091.0


Notes: 


Write your answers here: 
1. 
Checkpoint answers

1. True or false: IBM WebSphere CloudBurst runs WebSphere
Hypervisor edition virtual machines on the appliance.
Correct answer: False.
WebSphere CloudBurst dispenses the WebSphere Hypervisor
edition into a pool of ESX hypervisors that run on a set of hardware
devices that must be held in a table on the appliance.

2. True or false: A distributed WebSphere production environment
can be recreated on a single virtualized physical system for test
purposes.
Correct answer: True.

Figure 7-15. Checkpoint answers WS009 / VS0091.0


Notes: 
Demonstration

Showing WebSphere CloudBurst

Figure 7-16. Demonstration WS009 / VS0091.0
Notes: 
Demonstration objectives

After completing this demonstration, you should be able to:

• Describe the capabilities and function of the IBM WebSphere
  CloudBurst appliance

Figure 7-17. Demonstration objectives WS009 / VS0091.0
Notes: 
Demonstration instructions

1. If you have not already done so, extract Cloud_demos.zip to
your hard drive, ensuring that you select Use folder names when
extracting the file.
2. Navigate to \Cloud_demos; then double-click simulations.html
to start the demonstrations.
3. Select Demonstration: Showing WebSphere CloudBurst to start
the demonstration.
4. Select Final Exercise: Cloud crossword (requires Java browser
plug-in) to run the puzzle.
5. Follow the instructions provided.

Figure 7-18. Demonstration instructions WS009 / VS0091.0
Notes: 
Unit 8. Course summary

What this unit is about

This unit provides a short summary of the course.

What you should be able to do

After completing this unit, you should be able to:

• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study
Unit objectives

After completing this unit, you should be able to:

• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study

Figure 8-1. Unit objectives WS009 / VS0091.0
Course learning objectives (1 of 2)

Having completed this course, you should be able to:

• Define cloud computing
• Identify the key characteristics of cloud computing
• List the benefits of using clouds
• Describe some of the challenges to adopting a cloud architecture
• Describe key cloud computing concepts and terminology
• Describe the service delivery models in cloud computing
  — Identify the software as a service (SaaS) delivery model
  — Identify the platform as a service (PaaS) delivery model
  — Identify the infrastructure as a service (IaaS) delivery model
• List the various cloud deployment scenarios
  — Describe the features of private, public, hybrid, and community clouds
  — List some additional cloud deployment types
  — Select the most appropriate deployment model based on a set of business and
    technical requirements

Figure 8-2. Course learning objectives (1 of 2) WS009 / VS0091.0
Course learning objectives (2 of 2)

Having completed this course, you should be able to:

• Review the integration of security into the cloud reference model
• Describe security considerations in cloud computing
• Identify security options available in cloud computing
• Recognize the top security threats to cloud computing
• Describe the architecture of IBM cloud computing and IBM cloud
  computing offerings
  — Position the various vendors in the service delivery model of cloud computing
  — Illustrate an IBM example cloud architectural configuration
  — Describe some of the IBM cloud offerings
• Describe the capabilities of WebSphere CloudBurst and WebSphere
  Hypervisor edition
Class evaluation

• Your comments about this class are very useful to WebSphere
  Education
• Feedback on the site, curriculum, and instructor tells WebSphere
  Education what was good about the class and what can be improved
• Take the time to fill out the course evaluation on the IBM Training
  website, and receive your certificate for the course
  osart .atlanta.ibm.com
  — Course code: VS009 or WS009
  — Class number:

Figure 8-4. Class evaluation WS009 / VS0091.0


Notes: 


Check the course code and class number with your instructor. 
To learn more on this subject

• WebSphere Education website:
  — www.ibm.com/websphere/education

• Training paths:
  — www.ibm.com/software/websphere/education/paths/
  — Identify the next courses in this sequence

• Resource Guide
  — Contains information on many useful sources of information
  — Many of these sources are free
  — See handout in your class materials, or download a copy:
    www.ibm.com/developerworks/wikis/display/WEinstructors/WebSphere+Resource+Guide

• Email address for more information:
  — websphere_skills@us.ibm.com

• Education CD and documents in your class materials

Figure 8-5. To learn more on this subject WS009 / VS0091.0


Notes: 
References

• developerWorks Cloud community:
  — https://www.ibm.com/developerworks/mydeveloperworks/groups/service/html1/communityview?communityUuid=c2028fdc-41fe-4493-8257-33a59069fa04&successMessage=label.action.confirm.community.join

• IBM Cloud Community:
  — https://www.ibm.com/communities/service/html1/communityview?communityUuid=fa3a3fd5-6d7b-48b9-b13b-ba25f3325dda

• Cloud Security Alliance:
  — www.cloudsecurityalliance.org

• IBM Test Cloud:
  — http://www.ibm.com/developerworks/cloud/devtest.html

• Cloud Computing for Dummies, J. Hurwitz, ISBN 978-0-470-484-8

• IBM Test Preparation, Cloud Computing, A Primer, Part I & II:
  — http://www.ibm.com/certify/tests/edu032.shtml
Unit summary

Having completed this unit, you should be able to:

• Explain how the course met its learning objectives
• Submit your evaluation of the class
• Identify other WebSphere Education courses related to this topic
• Access the WebSphere Education website
• Locate appropriate resources for further study
List of abbreviations and acronyms


authentication, authorization, 
and auditing 


Automatic Data Processing, 
Inc. 


Advanced Encryption 
Standard 


Amazon Machine Image 


application programming 
interface 


application service provider 


business support system 


bring your own license 
entitlement 


Change and Configuration 
Management Database 


compact disc 
command-line interface 
central processing unit 


customer relationship 
management 


Data Encryption Standard 
Digital Signature Algorithm 
developer use only 


Elastic Compute Cloud 


EE 


ERP 


Enterprise Edition 
Enterprise JavaBean 
enterprise resource planning 


gigabyte 
graphical user interface 


host-based intrusion 
protection systems 


human resources 
Hypertext Transfer Protocol 


infrastructure as a service 


International Business 
Machines Corporation 


integrated development 
environment 


International Data Encryption 
Algorithm 


input/output 

infrastructure provider 
Internet Protocol 

intrusion prevention system 
independent service provider 
Internet service provider 
information technology 
Integrated Test Enablement 
integrated test environment 


IBM Tivoli Usage and 
Accounting Manager 
J
JDBC    Java Database Connectivity

K
KVM     kernel-based virtual machine

L
LAN     local area network
LPAR    logical partition

M
MQ      Message Queue

N
NIDS    network intrusion-detection system
NIPS    network-based intrusion protection system
NIST    National Institute of Standards and Technology

O
OS      operating system
OSS     operation supporting system
OVF     Open Virtualization Format

P
PaaS    platform as a service
PAYG    pay-as-you-go
PC      personal computer

Q
QA      quality assurance

R
REST    Representational State Transfer
RSA     Rivest, Shamir and Adleman

S
SaaS    software as a service
SLA     service level agreement
SMB     small and medium business
SOA     service-oriented architecture
SOAP    usage note: SOAP is not an acronym; it is a word in itself
        (formerly an acronym for Simple Object Access Protocol)
SOX     Sarbanes-Oxley
SP      service provider
SSL     Secure Sockets Layer

T
TSAM    Tivoli Service Automation Manager

U
UI      user interface
URL     Uniform Resource Locator

V
VDI     virtual desktop infrastructure
VLAN    virtual local area network
VM      virtual machine
VMM     virtual machine monitor
VNPL    virtualized non-production lab
VPC     virtual private cloud
VPN     virtual private network

X
XML     Extensible Markup Language
XSL     Extensible Stylesheet Language